Does SPF Really Help Curtail Forged Email Headers? 90
Intelopment asks: "My Domain name has recently been used a lot in the 'Reply' field by some inconsiderate spammer, and my ISP has suggested that I consider using the Open SPF service as a way to stop spammers from using my domain name for in their mail headers field. From what I can tell, it requires the receiving mail server to actually participate in the SPF service, which is where I have my doubts. Does anyone have any experience with this service? Does it work? Are many ISPs using Open SFP?"
Re:It Improves Your Fun (Score:1, Insightful)
Consider Gmail for your Domain (Score:3, Insightful)
https://www.google.com/a/cpanel/domain/new [google.com]
I had these sorts of "Joe Jobs" against my domain for 2 years. The last straw was when I actually had a client upset at me over spam sent on my behalf from a different server. I explored a lot of different ways of stopping it, and ultimately arrived at moving my MX records to Google servers as part of the above Google Apps for your Domain. It uses SPF, and presumably Google's other tools they use to protect core Gmail users. The Joe Job emails stopped (I'd repeatedly get emails about send failures sent to me in regards to the Joe Jobs prior, and the occasional complaint). Not 1 more complaint or send failure notification.
Comment removed (Score:3, Insightful)
Yes they work - kind of (Score:1, Insightful)
SPF records are in no way a perfect solution (though if everyone implemented it it'd be good enough), however it is pretty much the ONLY solution that is effective at all at this point. They cost nothing and they benefit you and the millions of people who will not be receiving the SPAM because of the SPF records. Do it, do it now, and tell everyone else you know to do it too. The more people that use them, the more likely the providers are to implement it.