I was thinking about adding spf checking support directly in the MTA.
This would allow messages that fail spf to be instantly blocked.
However, I noticed that many maillists (sourceforge's ones included) set
the MAIL FROM to the original sender address.
If the senders domain is spf enabled, it will generate an SPF_FAIL
error.
Also, many webservices (like contact forms, php generated messages)
forge the sender address (usually to the recipients address).
How do you guys deal with this?
1 - Dont enable spf at mta level (leave it to SA)
2 - Enable spf at MTA, but keep monitoring and whitelisting broken
sender.
3 - Something else.
-Raul Dias
