"Chris Haynes" <chris(_at_)harvington(_dot_)org(_dot_)uk> wrote:
My understanding is that SPF records declare the policy of the
_sender_. If the sender trusts the shared MTA to verify all
originators and to prevent cross-customer spoofing, then the sender
can use something like '+mx -all' and the receiver should respect
the sender's trust in the shared MTA s/he uses.
In that case, the recipient has checked with the originator, and has
information by which to decide whether or not to trust the shared MTA.
And yes, "originator trusts the shared MTA" still may mean that "the
message may be spoofed". This indicates a weakness in any MAIL FROM
authentication. when shared MTA's are used.
Alan DeKok.