In <001101c3fa8d$b221d400$6401a8c0(_at_)FAMILY> "Hector Santos"
<winserver(_dot_)support(_at_)winserver(_dot_)com> writes:
I have a proposal/solution if you want to hear it. But I need to see you
agree it is a problem.
I'm not sure what your solution is, but you can always do an extra SPF
check on the SMTP client IP address and the null sender. Granted,
unless a bounce is being sent, it isn't the SMPT client that is
creating the email so some would say this check shouldn't be done.
However, you are free to do what you want with your MTA.
As others have pointed out, many MTAs already have an option to
validate the HELO domain. I think doing the SPF checking is better
than most of these options, but these MTAs didn't have access to the SPF
code when the options were created.
-wayne