I don't understand, if a company have decided not to implement SPF
checking (although they have got as far a publishing their own SPF
records, how can this result in them causing "problems for everyone
else with those bounces"?
OK, there are three parties involved... There is a virus running on
machine X, which mails itself to Y, with forged headers, so it appears
to be from Z.
What frequently happens is that the actual receiver address is not
valid - "no such user", so the mail is returned....but it is
returned to Z. If Y did proper SPF checking, the message should
IMO have been dropped, meaning that Z would not have received this "spam".
--
Fridrik Skulason Frisk Software International phone: +354-540-7400
Author of F-PROT E-mail: frisk(_at_)f-prot(_dot_)com fax:
+354-540-7401