Setting SPF to prevent spoofing

S

success2be

Guppy
I saw there's a SPF setting to prevent spam spoofing.

Which of the following should I use?
fail: the mail is a forgery, and you can reject it with confidence.
softfail: the message could be a forgery.
pass: the mail is not forged, but that doesn't mean it's legitimate.
neutral: The domain owner has explicitly stated that doesn't know whether the IP is authorized or not.
 
Stephen said:
Most are using neutral or pass at the moment from what I have seen.
Click to expand...

What are the downside of setting it as fail? Will it be too aggressive and prevent my own users from sending mail through their own ISP SMTP server?
 
Yes, SPF on fail should prevent people from using other mail servers besides the ones authorized on the SPF record. Clients ISP SMTP servers included, but you can always suggest they use mail.theirdomain.com ..and if their ISP blocks port 25 (as many do), they can use port 587 as an alternative.

Keep in mind that SPF records only work when the Mail server accepting the email supports it and has it enabled.
 
You must log in or register to reply here.
Back
Top