> 1. SPF was not designed to be used this way. It is doubtful that anyone > has written anything that even remotely considered this option in use. > You will likely have to write it yourself. > > 2. SPF is still in RFC testing, so it is not yet a full internet > standard. And once it is, the standard still does not condone using it > the way you intend. IOW, there is nothing in the standard that states > you must have a SPF record to be a legit email domain. Basically, you'll > have a broken mailserver. We are actually stuck with having to take ours > off for the moment as one 'service' we use demands sending email from > their mailservers using our email address and they still have no SPF > record. > > If you do this, most likely you will not get around 90% of the good > email as SPF is not widely used as of yet. But I guess if you are only > interested in receiving email from a few 'known' domains... it could > work. Seems it would be easier to just blacklist all and whitelist the > few? If it is just for internal... perhaps a webmail system with no > outside email ability would be the way to go? Dear Hilton. J Thanks for your advice, i actually know this. what would you say about those who put there efforts to implement SPF. why they do it? Thanks / Regards Prabh S. Mavi