SPF is great in helping identify if an incoming e-mail is forged or not.
Imagine a server connects to yours saying "I send mail from
Bill.Gates@microsoft.com to your firstname.lastname@example.org user". Until now, you had to
deliver those, trusting ALL servers on the bad-bad Internet. With SPF, you
can look @microsoft.com if it allows that specific server to send mail
from microsoft.com, and if not, you can just drop the connection.
This way, lots of forged e-mails are prevented, resulting in fewer
problems (here on our servers, YMMV). I've had the problem once that
somebody sent in my name a bad e-mail to our customers - but since SPF
that problem is gone.
The "only" downside is e-mail forwarding. I've had some itches, and it's
not really nice. SRS is too complicated. But until somebody gives me a
better/easier/nicer way to prevent forged e-mails, SPF is my protection of
choice. I'd recommend you turn on checks to SPF on your mailserver, and
see lots of forgeries being dropped.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds