Wed Sep 24 21:16:20 UTC 2008
RobertH <roberth at abbacomm.net>

> That's probably the reason why much spam has valid spf records. Get
> yourself
> a throwaway domain, so you're getting through the domain check and give
> that
> domain a valid spf record which allows all machines in the world to send
> mail for that domain. Voilà - valid SPF record.
> That's why I asked which problem SPF is trying to solve.
> Ralph

The SPF Qmail patch we use on CentOS Opsys has a special case for SPF from

And we discard on that signal...

At this site...



    Some spammers have found a way to work around SPF filtering. They simply
purchase their own bogus domain names for ten dollars each, give them SPF
records which contain "+all" (which says that every IP on the planet has
permission to send mail "From" their domain), and use their own domain name
as the sender address in their spam.

    If this variable contains a non-zero value, any such SPF record will be
changed from "+all" to "-all" before the SPF test is performed. Since most
spammers have "+all" as the only term in their SPF record, this effectively
blocks every IP address.

Anyways, to get more back on topic, I cannot image it would take more than 2
minutes for you to do an SPF record for your main domains

Then, depending on whatever mail server software you are using, find the DK
or DKIM howto and implement.

Should be easy right?

 - rh