[CentOS] Reject Action For SPF

Thu May 3 17:07:17 UTC 2012
John Hinton <webmaster at ew3d.com>

On 5/3/2012 12:40 PM, Prabhpal S. Mavi wrote:
>> are you sure you want to do this? It will definitely result in lots of
>> legitimate mail being blocked, because SPF is by no means ubiquitous.
>>
>> You can set up your mail server to block mail if the SPF record suggests
>> it, but I would never filter mail originating from domains having no SPF
>> record at all.
>>
>> Best regards,
>>
>>    Peter.
> Dear Peter,
>
> Thanks for your response. It is true what you are saying, but we want to
> set it that way.
>
>
> Prabh S. Mavi
>
>
A couple of notes.

1. SPF was not designed to be used this way. It is doubtful that anyone 
has written anything that even remotely considered this option in use. 
You will likely have to write it yourself.

2. SPF is still in RFC testing, so it is not yet a full internet 
standard. And once it is, the standard still does not condone using it 
the way you intend. IOW, there is nothing in the standard that states 
you must have an SPF record to be a legit email domain. Basically, you'll 
have a broken mailserver. We are actually stuck with having to take ours 
off for the moment as one 'service' we use demands sending email from 
their mailservers using our email address and they still have no SPF record.

If you do this, most likely you will not get around 90% of the good 
email as SPF is not widely used as of yet. But I guess if you are only 
interested in receiving email from a few 'known' domains... it could 
work. Seems it would be easier to just blacklist all and whitelist the 
few? If it is just for internal... perhaps a webmail system with no 
outside email ability would be the way to go?

-- 
John Hinton
877-777-1407 ext 502
http://www.ew3d.com
Comprehensive Online Solutions
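
The difference between the two policies discussed in this thread (reject only when a published SPF record says so, versus also rejecting domains with no record), as an added example that is not part of the original post or of any mail server's code. The domains, records, and the function names `spf_result`, `smtp_action` and `compare` are constructed for illustration, and the evaluator is narrowed to the `ip4`, `ip6` and `all` mechanisms so it runs without DNS.

```python
import ipaddress

# Constructed sample data: sender domain -> published TXT record (None = no SPF).
SPF_RECORDS = {
    "strict.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "soft.example": "v=spf1 ip4:198.51.100.10 ~all",
    "nospf.example": None,
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(domain, client_ip):
    """SPF result for client_ip; only ip4, ip6 and all are evaluated."""
    record = SPF_RECORDS.get(domain)
    if not record or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        if "=" in term:  # modifiers such as redirect= are out of scope here
            continue
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
            continue
        raise NotImplementedError(f"{name} needs DNS lookups, not covered here")
    return "neutral"  # record exists but no mechanism matched


def smtp_action(result, require_spf=False):
    """require_spf=True is the policy asked about: a missing record is rejected too."""
    if result == "fail" or (require_spf and result == "none"):
        return "reject"
    return "accept"


def compare(deliveries):
    """Return (domain, result, action if record-driven, action if SPF required)."""
    rows = []
    for domain, ip in deliveries:
        result = spf_result(domain, ip)
        rows.append((domain, result, smtp_action(result), smtp_action(result, True)))
    return rows
```

Only the `none` row changes between the two policies, which is the mail from domains that never published a record.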