Spam Assassin 3 comes with a builtin SPF record checker, so it would make sense to publish SPF records for domains. Or would it?
This domain has now got a simple set of SPF records which I setup using a couple of the online tools to generate them.
If you want to see how many domains are publishing SPF have a look here. Although it is not a definitive listing it does give some indication of the number of records published, including some of the higher profile sites.
Gmail checks for SPF, so you will see results in your headers:
Received-SPF: neutral (gmail.com: xxx.xxx.xxx.xxx is neither permitted nor denied by domain of xxxxx@xxxx.com)
The key with SPF is the scoring. If you explicitly set your SPF records to a limited number of hosts/IPs then any mail purporting to come from your domain will be checked against its SPF record. If the sending IP/hostname is not in the SPF record then the receiving MTA should not "trust" it.
Will this lead to a reduction in spam?
No, but it should help to cut down the amount of spoofed junk hitting people's mail boxes.
If you publish SPF records for your domains you *should* be able to reduce the likelihood of you r domain being used in a "joe job". At least that's my understanding of it.
If you need help in setting up SPF records then look at:
There is a lot of debate surrounding SPF in general, but some good articles like this one make it very clear.
Leave a Reply