> > That's probably the reason why much spam has valid spf records. Get > yourself > a throwaway domain, so you're getting through the domain check and give > that > domain a valid spf record which allows all machines in the world to send > mail for that domain. Voilà - valid SPF record. > > That's why I asked which problem SPF is trying to solve. > > Ralph The SPF Qmail patch we use on CentOS Opsys has a special case for SPF from ALL And we discard on that signal... At this site... http://qmail.jms1.net/scripts/service-qmail-smtpd-run.shtml SPF_BLOCK_PLUS_ALL=1 Some spammers have found a way to work around SPF filtering. They simply purchase their own bogus domain names for ten dollars each, give them SPF records which contain "+all" (which says that every IP on the planet has permission to send mail "From" their domain), and use their own domain name as the sender address in their spam. If this variable contains a non-zero value, any such SPF record will be changed from "+all" to "-all" before the SPF test is performed. Since most spammers have "+all" as the only term in their SPF record, this effectively blocks every IP address. Anyways, to get more back on topic, I cannot image it would take more than 2 minutes for you to do an SPF record for your main domains Then, depending on whatever mail server software you are using, find the DK or DKIM howto and implement. Should be easy right? - rh