I was always interested how sites like spamarrest work. Hard to implement, but worth to try.
we are using exchange 2010 and google apps both.
we have mail flow like internet to exchange 2010 to google apps ( if email id not found in exchange 2010 then only)
we have added the spf records with the entire subnet of ISP we are getting.
still in header it shows spf: fail
By the way: It is almost 2014 now, SPF is still not as widely accepted as it would need to be for any effect. SPAM is largely uneffected by it. SRS is also not really adopted (because it is a pain in the ass), so the same old problem mailforward for a few users remains, which gets more annyoing in the time of the NSA spies.
So my conclusion and recommendation is: Do not use SPF and don't publish any SPF records. Use domainkeys if you need to prevent sender spoofing, but don't be tricked to believe it would help against SPAM. It is just creating much less collateral damage.
That is really nice to hear. thank you for the update and good luck.
Give your comment:
The sum is to prevent spam. Type your comment below.