Replies

It is relatively simple to forge a return address on an e-mail, and spammers do this regularly.

I have been unlucky enough to have an email address picked up by a spammer on more than one occasion. The result is thousands of e-mail being “returned” to the forged return address. Un-deliverable e-mail; messages from the brainless Barracuda Anti-spam firewalls; irate readers of the e-mail; etc.

At the time, I used a hosting company for my e-mail and forwarded to my ISP e-mail account. The result of all the e-mail coming back to me and the seriously flawed reasoning of my ISP and hosting firm:
– My ISP designated me a spammer
– My ISP designated my e-mail hosting company as a spammer and blocked all e-mails from my e-mail hosting company to my ISP
– My e-mail hosting company designated and blocked many major ISPs as spammers

I switched to a hosting firm where I can use the Sender Provider Framework (SPF). Please see http://www.openspf.org
If a return address is forged, a spam filter can test if the address is forged. For example, Span Assassin – that is widely used supports SPF testing
My domain includes the following DNS record:
“v=spf1 include:nameofthehostingfirm.net -all”
says that only nameofthehostingfirm.net is the only legitimate source of e-mail for my domain. -all means all others are forged.
It also depends on my hosting firm not allowing any of there other users to use my e-mail address. In my case, they enforce this as well.

Sadly, few major ISPs support SPF