I choose not to test for spf on inbound mail, at the moment.
At this stage I only use SPF on inbound to increase an overall spam score - not block it outright.
If you're having trouble getting your email to folks because you've published an spf record that's wrong, fix your spf record. At that point you've done the right thing and the problem is no longer yours?
Even if you do everything right with SPF, the problem *is* still yours if the company at the other end is misconfigured. This is because they are an entity I, or my staff, or my clients, need to be able to email. To make matters worse, these companies often have no dedicated IT staff and you have to move the earth to find out who you can talk to when you need *them* to do something to fix it... -----Original Message----- From: Mark Foster [mailto:blakjak(a)blakjak.net] Sent: Thursday, 22 July 2010 9:22 p.m. To: Regan Murphy Cc: SIMON WALKDEN; Mark Wakefield; nznog(a)list.waikato.ac.nz Subject: Re: [nznog] SPF Mail rejection SPF for your own domain helps get past some of the more annoyingly twitchy providers out there - yahoo springs to mind. A record such as the one i've put in, can help: ;; QUESTION SECTION: ;blakjak.net. IN TXT ;; ANSWER SECTION: blakjak.net. 7200 IN TXT "v=spf1 a mx ptr ?all" note ?all. Doesn't enforce an absolute match. I choose not to test for spf on inbound mail, at the moment. Like any anti-spam measure it's merely part of the solution (a means to verify that mail is coming from whence it is intended, on the presumption that the admin for the domain is the one modifying the DNS) but that's all its for. Sender verification. With that in mind it's _not_ hard to quantify the benefit. It's just that many folks misinterpret or misunderstand the signifiance of what spf delivers. If you're having trouble getting your email to folks because you've published an spf record that's wrong, fix your spf record. At that point you've done the right thing and the problem is no longer yours? - Mark