Apr 22
Neoteric Design attacked by spam through forged headers.
We are currently experiencing an attack in which an email spammer is sending out spam through a forged header that points to "info@" our domain name. We see about 10-15 bounced emails a minute, which means quite a lot of quantity is being sent. If you've received a spammy email from info@ our domain name, it's not from us.
I'll be monitoring the situation, and eventually write up my experiences with this latest form of identity theft.





On June 16, 2008, Gretchen Folse said:
I found your blog post through a web search on forged/spoofed headers and I was wondering if you've had any success with dealing with your forged header issue. We are a local government entity and have been experiencing similar problems with spam being sent out to look like it's coming from our mail server. Spamhaus.org (or more specifically the "CBL") has been blacklisting us on average three or four times a week, despite our repeated assurances that these spam emails are not coming from our email server.
Any feedback or advice you might be able to offer would be greatly appreciated.
Thanks!
Gretchen Folse
IT Manager
Lafourche Parish Government
On June 16, 2008, Nick said:
Gretchen,
Frankly, I have not had much luck. About once a week I receive a flurry of "blowback" bounced email notifications from the spammer abusing our email domain name. I have considered implementing Sender Policy Framework (see http://en.wikipedia.org/wiki/Sender_policy_framework, or http://www.openspf.org/Introduction); Google's mail service (which we use and recommend) makes this fairly straightforward. Its goal is to highlight when an email IP address is spoofed as above. However, it's unclear to me that SPF is a great solution. It's still the receiving mail server's responsibility to confirm that the email is authorized, and apparently this is not yet standard practice. In addition, it requires a static IP address, which we do not have when mobile, and can cause problems with currently successful mail delivery. I'll be interested to hear more about your experiences.
Nick.
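The receiver-side check that SPF relies on, as an added example that is not part of the original post or its comments: a simplified evaluator covering only the `ip4`, `ip6`, `include` and `all` mechanisms. The domains, records and addresses are constructed placeholders, and a dict stands in for DNS TXT lookups.

```python
import ipaddress

# Constructed TXT records standing in for DNS (example.com and
# _spf.mailhost.example are placeholders, not the domain from the post).
TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.0/25 ip6:2001:db8::/32 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(client_ip, domain, depth=0):
    """Return the SPF result for client_ip sending as an address at domain."""
    record = TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    if depth > 10:  # RFC 7208 limits DNS-querying terms to 10
        return "permerror"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name in ("ip4", "ip6"):
            # A v4 address never matches a v6 network, and vice versa
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            # include matches only if the nested evaluation returns "pass"
            sub = check_spf(client_ip, arg, depth + 1)
            if sub in ("none", "permerror"):
                return "permerror"
            matched = sub == "pass"
        elif name == "all":
            matched = True
        else:
            return "permerror"  # a, mx, exists, redirect etc. not handled here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"

if __name__ == "__main__":
    # Constructed connecting addresses: listed host, provider host, outsider
    for addr in ("192.0.2.25", "198.51.100.10", "203.0.113.7"):
        print(addr, check_spf(addr, "example.com"))
```

A receiving server would run this against the connecting IP and the envelope sender's domain; the result only affects delivery if that server is configured to act on it.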