I read that SPF (Sender Permitted From) is being incorporated into spamassassin 2.70. Since the idea is to not accept (reject after HELO step) any message that fails the SPF test, I conclude SPF can't be used by MailScanner. It can be implemented in postfix, exim, sendmail, etc before MailScanner sees the message. Is this a correct summary? hermit921