In the bronze age, messages came in, signed bob@lamuella.com, and you’d simply have to assume they were from the Almighty Bob. Today, email is still technically in the iron age, but at least we have SPF.
In a nutshell, when lamuella.com enables SPF for their domain, they can be sure that other people, which mail servers check those records, will not receive spam mail with forged senders @lamuella.com. This also means email that passes this sort of check can be rated as slightly less spammy in automated spam filters.
To further elaborate on that, here’s what SPF is, does, it not and does not:
SPF IS/DOES
- Allow a host to verify that an email from an SPF-enabled domain was sent from a mail server that legitimately serves that domain.
- Prevent spammers from sending email from your SPF-enabled domain.
- Force your users to send their email through your (hopefully extra extra safe) server, thus forcing them to comply with your encryption routines and filters.
- Allow you to easily discard lots of spam mail, as such junk is often sent from forged domain names that happen to exist and have valid SPF records.
SPF IS/DOES NOT
- Allow your server to verify the sender address from non-SPF domains.
- Prevent spammens from sending email from your SPF-enabled domain to a recipient server that doesn’t inspect SPF records.
That said, SPF is easy to enable on Postfix, and I strongly urge you to do so if you haven’t already.
I found this handy guide, for Ubuntu, but it works just as well on Debian, and I archived it here in case the link is dead at the time you read this.