> Michael Monnerie wrote:
> > On Sonntag, 25. September 2005 01:35 Steve wrote:
> >> Sorry if this is really simple... any advice would be useful.
> >
> > Not a lot, but SPF helps for that scenario. See http://spf.pobox.com
> >
> >(Pierre replied):
> I agree; SPF is about the only defense. For the last few
> days an address in one of our low-traffic domains has been
> joe-jobbed, and our DNS servers show hundreds of TXT queries
> to that domain from all over the world. Obviously some mail
> servers are checking and (hopefully) rejecting the spam. And
> we are rejecting bounces to the joe-jobbed address, since it
> isn't a valid user address.
>
> Pierre Thomson

While I am a (semi)advocate of SPF, we should inform the original poster
what SPF will likely do and not do:

1) His email servers will be 'authorized' to send and if he terminates
   the SPF record with -all those forging email "in his name" will be
   explicitly unauthorized.

2) Some SMTP servers (but not enough) will check this and disallow
   forged email from those authorized servers.

3) A few will use the SPF to recognize that he is not the sender and
   suppress their BOUNCE notifications, but few are in this group
   because any email admin stupid enough to still be BOUNCING to
   unauthenticated addresses is probably too clueless to use SPF to
   ameliorate the situation.

4) He can at least have DENIABILITY if anyone accuses him, in a material
   way, of originating the forged emails.

SPF is the right thing to do -- but the benefits have not yet reached
their potential.

He must also watch out for sneaky users "forwarding" their email or
using "other SMTP servers" with their email address -- probably such
(random) forwarding/sending by users will be "unauthorized" as well.

-- 
Herb Martin