SPF Configurations

John Levine johnl at iecc.com
Fri Dec 4 17:25:04 UTC 2009


>> If the customer insist on using their domain, then you would have to have
>> the customer setup an SPF record within their domain that points to your
>> email server IP blocks.

Right.  The only major mail system that pays attention to SPF is
Hotmail, but there are enough small poorly run MTAs that use it that
an SPF record which lists your outbounds and ~all (not -all) can be
marginally useful to avoid bogus rejections of your mail.

As everyone here should already know, the fundamental problem with SPF
is that although it does an OK job of describing the mail sending
patterns of dedicated bulk mail systems, it can't model the way that
normal mail systems with human users work.  But so deep is the faith
of the SPF cult that they blame the world for not matching SPF rather
than the other way around, believing that it prevent forgery, having
redefined "forgery" as whatever it is that SPF prevents.  As the
operator of one of the world's more heavily forged domains (abuse.net)
I can report that if you think it prevents forgery blowback, you are
mistaken.

For rants about how badly the world and/or SPF stink, followups to
Spam-L.  For proposals about other anti-spam magic bullets, followups
to ASRG.

R's,
John






More information about the NANOG mailing list