Let's suppose I run the mail server for example.com and the server is running Postfix on Ubuntu. There are two registered users, alice and bob.
Postfix receives an email from badhost.com like so:
To: [email protected]
From: [email protected]
...

Using the default configuration, Postfix happily accepts the email and delivers it to alice's mailbox. The email, of course, isn't actually from bob.
Is there a way to tell Postfix that it should not be accepting email falsely claiming to be from a local address? In other words, alice should be assured that whenever she receives an email from example.com, it is authentic.
I wondered about forcing SPF but a lot of legitimate email comes from domains that don't have SPF set up.
DKIM. You can't force the others to sign their messages but you can sign yours (doubling the processing and bandwidth requirements).
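One way to turn the DKIM suggestion into an acceptance policy, as an added example that is not part of the original thread: mail whose From header claims example.com is accepted only if the server's own DKIM verifier recorded a pass for that domain, while outside domains are left alone. The authserv-id `mx.example.com`, the sample messages and the function names are assumptions, and the check presumes the server strips any inbound Authentication-Results header that already carries its own authserv-id.

```python
import email
from email.utils import parseaddr

LOCAL_DOMAIN = "example.com"         # domain from the question
TRUSTED_AUTHSERV = "mx.example.com"  # assumed authserv-id of our own verifier

def dkim_pass_domains(msg):
    """Domains with dkim=pass, taken only from Authentication-Results headers
    stamped by our own verifier; any other copy is sender-controlled."""
    passed = set()
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in " ".join(value.split()).split(";")]
        if parts[0].split(" ")[0].lower() != TRUSTED_AUTHSERV:
            continue
        for method in parts[1:]:
            tokens = method.split()
            if tokens and tokens[0].lower() == "dkim=pass":
                passed.update(t.split("=", 1)[1].lower() for t in tokens[1:]
                              if t.lower().startswith("header.d="))
    return passed

def verdict(raw):
    """Return 'accept' or 'reject' for one raw message."""
    msg = email.message_from_string(raw)
    froms = msg.get_all("From", [])
    if len(froms) != 1:              # RFC 5322 allows exactly one From field
        return "reject"
    domain = parseaddr(froms[0])[1].rpartition("@")[2].lower()
    if domain != LOCAL_DOMAIN:
        return "accept"              # outside senders are not forced to sign
    return "accept" if LOCAL_DOMAIN in dkim_pass_domains(msg) else "reject"

# Constructed sample messages (not from the original post).
FORGED = ("Authentication-Results: mx.example.com; dkim=none\n"
          "Authentication-Results: badhost.com; dkim=pass header.d=example.com\n"
          "From: bob@example.com\nTo: alice@example.com\n\nhello\n")
SIGNED = ("Authentication-Results: mx.example.com;\n"
          " dkim=pass (good signature) header.d=example.com\n"
          "From: Bob <bob@example.com>\nTo: alice@example.com\n\nhello\n")
OUTSIDE = "From: carol@elsewhere.test\nTo: alice@example.com\n\nhello\n"

if __name__ == "__main__":
    for name, raw in (("forged", FORGED), ("signed", SIGNED), ("outside", OUTSIDE)):
        print(name, verdict(raw))
```

The forged sample is rejected even though it carries a `dkim=pass` line, because that line was stamped by badhost.com rather than by the receiving server.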