Hi !!
example.com. IN TXT "v=spf1 ip4:192.168.1.1 -all"
mxsender.example.com. IN TXT "v=spf1 ip4:192.168.1.1 -all"
And configure your MTA at 192.168.1.1 to say "HELO mxsender.example.com"
instead of "HELO example.com". Mail not from 192.168.1.1 is forged anyway,
whether is says "HELO example.com" or not.
this does not prevent anyone to use HELO example.com
That is true. But if someone (a forger) uses "HELO example.com", then the
SPF result will be "Fail" (because the mail did not come from 192.168.1.1)
and the mail will be rejected.
and also any mail with a example.com envelope sender forwarded by
any forwarder that does not use srs (almost all) will be rejected
--
best regards ...
It's a fine line between fishing & standing still
----------------------------------------------------------------
David Saez Padros http://www.ols.es
On-Line Services 2000 S.L. e-mail david(_at_)ols(_dot_)es
Pintor Vayreda 1 telf +34 902 50 29 75
08184 Palau-Solita i Plegamans movil +34 670 35 27 53
----------------------------------------------------------------