It’s time to get technical, so I’ve finally got around to adding {SPF} to one of my domains. Being the cautious type that I am, it’s not actually a heavily used domain (in fact, due to the large numbers of Italian messages received in the past it currently only accepts three incoming addresses) but there’s nothing like testing things properly[1]

If all goes well I’ll start to roll it out over all of my domains, and then get nasty with my {exim} rules and simply bounce anything that fails my own personal {SPF} rules (ie: all those annoying/silly messages from ‘The Administration Staff at’ who tell me to run a .zip file to remove a virus). I might start to honour the {SPF} of others, but I’ll take my time and see how well it works/would help reduce rubbish.

[1] Ok I’ll come clean: testing properly actually means trying out a few boundary cases and then going off to do something else feeling 7 parts smug and 3 parts nervous (swap those portions if I’m doing it for money) and hoping it doesn’t break. Six months later review (by accident) the setup and feel proud that it worked if no-one complained – spotting a howling error which fortunately wasn’t triggered, or which prevented anyone complaining is optional at this stage.