The whole point of SPF is to enable postmasters to detect and deal with (read that: discard) messages that have an invalid point of origin.
It may not always happen but we should at least have the ability check if a message is valid before we spray the spam trap with backscatter.
When it's in my hands I'll always reject a message before accepting it for delivery if it fails SPF, BLACKLIST or other authenticity/deliverability checking. This leaves the what to do in the hands of the mail server that has already accepted the message to deal with and at least saves having to generate a bounce message later - one less problem is one less thing to do.
Joe McPlumber - 2009-04-01 17:55:39 - In reply to message 2 from Manuel Lemos
It's not exactly easy to set up an SPF record, especially from within a shared server environment. WHM/CPanel et. al. could make it as easy as pushing a button, or entering a record automatically when a domain is created. Not something cryptic and geeky like "define an SPF record" but plain words like "Prevent Spam Sent from This Domain". So maybe the people to talk to are the ISPs and the server control panel developers.
Microsoft has a nifty little Wizard, microsoft.com/mscorp/safety/content ...
but here again you only get the record itself and no clue what to do with it other than MS's usual advice to "give it to your network administrator".
I'm saying if you want to encourage adoption of a given technology, you've got to bring it to attention in layman's language and then make it easy to implement in layman's language. I'm a life-long geek, and still don't quite understand DNS because I can't know everything.
Manuel Lemos - 2009-04-01 22:19:45 - In reply to message 3 from Joe McPlumber
Joe, if you use shared hosting you are not the one to enable SPF support for discarding incoming invalid messages. That should be something that your ISP should implement on the mail servers that receive messages for the all the domains they host.
If you want to avoid that spammers forge messages with your own domains, you need to set the SPF TXT record in your domain DNS. That is a good idea, but that is not the problem with UCEProtect. They should be the ones to set the SPF records on the spam trap domains they handle.
In any case, if you want to learn more about setting SPF records for you domains, check out this site:
Karen Stingel - 2009-12-17 02:47:06 - In reply to message 4 from Manuel Lemos
... if you want to learn more about setting SPF records for you domains, check out this site: openspf.org/
The link above is no longer operational ...
I was able to access Google's snapshot of the page as it appeared on 8 Dec 2009 11:07:44 GMT. 220.127.116.11/search?q=cache:http://www.openspf.org/