Why you should press your hosting company for SPF.
If all mail sending and receiving servers implemented SPF, we could knock a lot of spam on the head. Here's why and how...
SPF (Sender Policy Framework)
What is it? It's a declaration made by domains saying which servers they use to send email.
How can that help?
Imagine ben@mycompany.com sends you@yourcompany an email (it's come from IP 12.34.56.78). Your mail program contacts mycompany.com and asks: do you ever send emails from 12.34.56.78? Let's assume the email is legitimate and mycompany.com says yes. The email is accepted.
Now lets imagine a spammer sends an email purporting to be from ben@mycompany.com. It won't have come from the official source, maybe a server at IP addresss 66.66.66.66. Again, your mail program contacts mycompany.com and asks: do you ever send emails from 66.66.66.66 ? This time mycompany.com says no. The email is rejected. Simples!
Sadly...
There is a third response possible from mycompany.com which is equivalent to don't know and receiving mail servers can take this either way. Until all sending computers answer yes or no there will be the possibility for spammers to get their message through.
The radical in me would want to (a) check all email and (b) reject emails that can't for sure be said to come from the declared domain (reject on "no" and "don't know". Maybe that's a step too far at the moment but in the meanwhile...
ask your ISP to implement SPF checks on incoming emails
(our Group Servers do that by default)
More information...
...available at openspf.org.
