on 9-24-2008 1:03 PM Bob Hoffman spake the following: > > >> Besides, in the OP case, SPF will change nothing for mail >> getting out of his server, since his sender domain matches >> his client domain (this is what gmail calls "guessed SPF"), >> and in addition, his client is the MX of his domain, so he is >> not going to forge his own domain on his own server. >> >> > > Read a few dozen sites since the last post. The reason behind spf is as > follows...i guess. > > SPF says 'this domain and this ip sendmails' and you should say 'reject any > mails you (yahoo, gmail, etc) receive that are not from 'this domain or this > ip' > > The ip can be one or many. The domains can be one or many. > > What they are looking for is 'are you helping them weed out their own spam?' > If someone forges your address, yahoo will then go to your site and find out > that only 'this ip and this mail server' can send mail. If the mail they got > is not agreeing with that, they crush it. > > This tells yahoo you are somewhat trying to help and then they whitelist it, > so to speak. Not doing this will tell yahoo you want 'any mail from anywhere > with my email address or domains' to be accepted. > > Since they do not like that, immediate greylist. > > So, it is about helping them deal with forgeries and not much else. Many > servers ignore or do not use it. From what I read, you should have it. Since a valid spf record cane take all of 5 minutes to write, I don't see it as a big deal. Now DKIM takes a little longer. If it lets my boss send mail to whoever, that is also a plus. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20080924/7d93f52d/attachment-0005.sig>