> From the explanations there, and articles in other places, I quickly
> decided it's inherently broken.

One has to be aware of its strengths and weaknesses before implementing it, but the fact is that important and influential domains such as hotmail and google are adopting it. I had to start publishing SPF records on our DNS server when most (legitimate) mail from our domain was being flagged as spam by hotmail, because much of the spam received by them seemed to be coming from our domain, and hotmail had classified our domain as a spam mailer. Publishing SPF records, together with disabling forwarding (as I explain below) was a better and more realistic alternative than asking our users to stop communicating with hotmail addresses.

This brings one of the main criticisms against SPF, that it breaks forwarding. That's OK, I already stopped forwarding on our system, most users were forwarding spam anyway, and as a consequence our domain was being flagged as a spam mailer. Users that really need to forward email can use the remailing mechanism instead, making sure that all mail is filtered for spam _before_ being remailed.

That alleviates the problem of our domain getting a bad reputation for forwarding spam, but does not solve the fact that our anti-spam filters are on the verge of a DoS because of the amount of spam we are receiving. Just filtering spam is not enough, spam needs to be stopped if possible at the beginning of the SMTP session. That is why we need to implement SPF checking too. Of course SPF is not the final solution, but it may help to alleviate the problem.

Miguel A. Lerma