The main purpose of SPF records is to determine whether an email was really sent by who it claims to come from in order to block or tag suspect emails. This can assist mail servers in handling both spam and worms. Another problem that can be reduced using SPF is the number of messages sent by spam and worm filters to people whose email addresses are being used by spammers and worms.
Yesterday, I got an email notifying me that a message I had sent may be infected with a worm. Upon investigation, it was clear that the email was not sent by me. First of all, it was a Windows worm, and I use Macintosh and Linux. Second, I never send email from the address it claimed to be sent by. Third, I've never sent an email with the subject that appeared in the email. Clearly, the worm had found that email address in someone's address book or from a webpage, and was using it to disguise its true source. Had the filter that sent me the notification check my SPF record, it would have known that the email didn't come from me, and could have avoided bothering me with the bogus notification.
I imagine over time, spam and worm filters will start checking these things, and we'll be spared the collateral damage that is currently caused by filters responding to forged email addresses.
September 13th, 2004 at 12:25 pm
You have discovered the original purpose of SPF: Preventing the "backscatter" from viruses, spam, joe jobs, etc. As I write this, more than 97700 domains have published SPF records in order to begin the process of implimenting SPF. http://www.spftools.net/register.php
More at spf.pobox.com