but what will I say them when they´ll see
mails "comming" from a subdomain of the real domain that the mail
claims to be from and no checks failed?
As others have pointed out, SPF is not for end-users. If you desperately want
them to make sense of SPF checks, make sure you tell them that not failing SPF
means exactly nothing; it definitely does not mean the emails passed SPF, or
anything else that should give you extra reason to assume the domain is not
forged.
If you believe they are really clever, you may consider telling them that in
case of important emails, not passing SPF is a reason to be extra suspicious.
But I personally wouldn't go there, even if the users had invented the Internet.
Martijn.
________________________________
Virus Bulletin Ltd, The Pentagon, Abingdon, OX14 3YP, England.
Company Reg No: 2388295. VAT Reg No: GB 532 5598 33.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg