Trying to solve an issue whereby spammers forge the From: header along with the sender address to make it appear mail is being sent from our mail server.
The recipients (always a group, never single recipient) bounce back the message to us as spam; as a result their ISPs are penalizing our mail server’s IP rep (via SenderBase et al) and/or the recipients are reporting us to their ISP.
All this despite the actual sender being [email protected][email protected] (i.e. spammer ip is the real sender). Currently Verizon has blacklisted our mail server IP and we’ve received a couple of warnings from AOL as well.
My question is, why is SPF not working? We have
v=spf1 mx ip4:our-mail-server-ip -all
set up for all mail users, and PTR on mail server and mail sender domains.
I’m particularly interested in knowing if there’s a loophole where a spammer is able to append their IP to a valid [email protected]_domain address thereby tricking remote mail servers into seeing our_domain as the actual sender. I suspect not, but putting it out there in case anyone else has noticed this spammer technique showing up in their maillog.
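
An added example, not part of the original post: a minimal evaluator for the record quoted above, showing the result a receiving server that checks SPF would compute for a given connecting IP. SPF (RFC 7208) is evaluated against the domain in the SMTP envelope sender (MAIL FROM) or HELO, not the From: header. Only the `mx`, `ip4` and `all` mechanisms are handled; the IP addresses are constructed placeholders from documentation ranges, and the `mx_ips` argument is an assumption that stands in for the DNS lookup.

```python
import ipaddress

# Qualifier prefix -> SPF result (RFC 7208, section 4.6.2)
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# The post's record with a constructed placeholder in place of our-mail-server-ip
RECORD = "v=spf1 mx ip4:192.0.2.25 -all"
MAIL_SERVER_IP = "192.0.2.25"     # constructed: the legitimate mail server
UNRELATED_IP = "203.0.113.77"     # constructed: any host not listed in the record


def check_spf(record, client_ip, mx_ips=()):
    """Evaluate a subset of SPF (mx, ip4, all) for one connecting IP.

    mx_ips replaces the DNS lookup of the domain's MX hosts so the
    example runs offline (an assumption of this example).
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no SPF record published
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == 4 and ip in net
        elif name == "mx":
            matched = any(ip == ipaddress.ip_address(m) for m in mx_ips)
        else:
            return "permerror"  # term outside this example's subset
        if matched:  # mechanisms are tried left to right; first match wins
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all"


if __name__ == "__main__":
    for addr in (MAIL_SERVER_IP, UNRELATED_IP):
        print(addr, check_spf(RECORD, addr, mx_ips=[MAIL_SERVER_IP]))
```

The result applies only at receivers that actually perform the check, and only when the envelope sender domain is the one publishing this record.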