Hi Blog Readers,

Every now and then I seem to have one of those low life Viagra sellers using my domain for spam emailing people.

I have done everything I can think of to try and prevent then from doing this, but they seem to keep doing it.

I just wondered if anyone out there new of a way to stop them?

The headers from one of the bounce backs look like this:

Return-Path: <[email protected]>
Received: from rctp.telecomitalia.it (host49-133-dynamic.52-82-r.retail.telecomitalia.it
[82.52.133.49])
       by mx.google.com with SMTP id o8si307731weq.161.2010.07.23.05.33.53;
       Fri, 23 Jul 2010 05:33:59 -0700 (PDT)
Received-SPF: fail (google.com: domain of [email protected] does not designate 82.52.133.49 as 
permitted sender) client-ip=82.52.133.49;
Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of [email protected] does 
not designate 82.52.133.49 as permitted sender) [email protected]
Message-ID: <[email protected]>
Date: Fri, 23 Jul 2010 14:33:52 +0200
From: Garnett Mckinnie <[email protected]>
MIME-Version: 1.0
To: NAME REMOVE <[email protected]>
Subject: Where we are well established we are

As you can see from the headers, I have setup the SPF record and it is receiving a "hardfail"

We are using Google Apps for our email hosting, so you'd kinda hope that they have got things pretty much secured down, so what I am missing? Or is it always going to be possible for other people to fake sending emails using another domain?