I was thinking about adding SPF checking support directly in the MTA. This would allow messages that fail SPF to be instantly blocked.
However, I noticed that many mailing lists (SourceForge's ones included) set the MAIL FROM to the original sender address. If the sender's domain is SPF-enabled, it will generate an SPF_FAIL error. Also, many web services (like contact forms, PHP-generated messages) forge the sender address (usually to the recipient's address).

How do you guys deal with this?

1 - Don't enable SPF at MTA level (leave it to SA)
2 - Enable SPF at MTA, but keep monitoring and whitelisting broken senders.
3 - Something else.

-Raul Dias