I can't (nor wish) to stop my users accessing my email servers from other than my IP addresses but I can't see how I can allow this and at the same time fully implement the usefulness of SPF.
Ideally, you would have all your users use your mailserver.
But if that isn't an option for you, "+mx ?all" is the answer. Anyone sending mail from your mailserver gets "credit" (either whitelisted or their E-mail less likely to be marked as spam), and anyone not sending from your mailserver isn't penalized. If your domain is frequently forged in spam, you could get creative and do things like add "-ptr:customer.swbell.net -ptr:dsl.earthlink.net -%{ir4}.bl.spamcop.net" to further restrict how spammers can use your domain (saying that your users couldn't send mail using your domain if they were coming from a SW Bell user IP or Earthlink DSL account or any IP listed in Spamcop).
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
