<terry(_at_)ashtonwoodshomes(_dot_)com> writes:
Little company spammer.com buys a DSL account from bigisp.com. He knows that
abc.com is also using
mail.bigisp.com by examining abc.com's spf record (that's why he bought the
DSL account from
bigisp.com). Now he sends a spam, faking the from address as
whatever(_at_)abc(_dot_)com targeting
victim(_at_)spamtarget(_dot_)com
If mail.spamtarget.com has SPF installed on his mail server, does he have any
SPF way of rejecting
those emails, because, after all they appear to be coming from the correct
mail server for the
domain abc.com
Which is a very good argument (whether or not SPF is used) for abc.com
to run their own MTA (or send email direct to MX from their host(s))
rather than relay mail via bigisp.com. Both authentication and
accountability would be a lot easier if all domains sent email from
hosts in their own ip space rather than relaying through servers which
service multiple domains. For DSL (unlike dial-up) there is no good
reason to provide dynamic IP addresses.