So you ask what is SPF? SPF (Sender Permitted From) is an anti-forgery method used with SMTP which stops people trying to send from your domain. Not designed for stopping spam, but helps reduce the amount of spam as well (stops people sending from other peoples domains). Spammers can add SPF records to their domains yes, (repeat: SPF doesn't stop spam but does a good job of it) but in the future may be improved to include trust factors (ie domain and SPF has been only around for 2 days and its sending 1000 emails to me... strange) There are quite a number of anti-forgery systems around at the moment, and the main ones are SPF, Sender-ID (Microsoft) and DomainKeys (Yahoo), SPF at the moment is the largest used worldwide. (over a million domain names having SPF records) The uptake in New Zealand is pretty small at the moment, but ISP's are starting to add SPF records for their domains. Xtra have added SPF rules for the xtra.co.nz Domain: v=spf1 ip4:210.86.15.0/24 ?all (host -t TXT xtra.co.nz) IHUG have added a SPF rule for ihug hosted domains to include: eg v=spf1 include:_spf.ihug.co.nz -all (host -t TXT _spf.ihug.co.nz) And a lot of Domains (see http://spam.co.nz/spf/working/) have started to add SPF Rules . This list is no where complete at the moment for .NZ (or other domainnames). Also quite a number of NZ domains have broken SPF records for various reasons which (if an ISP is testing for SPF will reject and cause bounces), so its quite important to make your rules correct (see http://www.spam.co.nz/spf/broken - This list is also quite imcomplete) I'm not saying SPF doesn't have its problems, but the major problem (at the moment) is forwarding emails . Ie user(a)ispa.com sends email to user(a)ispb.com and it gets forwarded to user(a)ispc.com. . If user(a)ispc.com checks for SPF it will fail as the user(a)ispa.com email address is coming from ISP B's email server. BUT mechanisms like SRS fix this problem. Mostly importantant is before SPF records are set up for a domain you must know how you users are using your domain. So maybe you think SPF is just something kids play around with and it will never be used for anything important and no one cares about it which is not so as its gaining momentum like just recently the IANA just gave SPF its own DNS RR (SPF) (see http://www.iana.org/assignments/dns-parameters) which will be used instead of the TXT records in the future to SPF records (maybe SPF v3 will use it only) More information can be read at: http://www.openspf.net/ and the mailing list and other information can be read at http://www.openspf.org/ Thanks Craig Whitmore www.spam.co.nz