On Wed, Feb 09, 2005 at 08:57:41PM -0500, Nico Kadel-Garcia wrote:
SPF should only be checked on incoming mail, not outgoing mail.
It sounds like you are also checking it on outgoing mail.
Why wouldn't you check outgoing? Forgers and email worms can certainly be
active *inside* your network, so checknig outgoing email will inform you
the administrator very quickly of any issues. Checking outgoing email has
to be done carefully, so legitimate clients are permitted, but this is what
SPF whitelists are for.
In this particular case, the owner expressed he'd rather not
include all of his clients in the SPF record.
_IF_ he's going to do outbound checking (which I doubt) then
it would have to be with a "fake" record (perhaps in an
internal DNS). Who's going to set that up?
I do not think your idea is bad. I just don't think it is
for everyone...
alex