From the definition of SPF, SPF only authorizes IP address. For one of our domain name, we have created an SPF record to allow only A
and MX
IPs as genuine sender. This domain is hosted in a shared-hosting environment along with many other customers.
In such setup, owners of other domains on same host can spoof my emails easily. Is there any way SPF still work?
(correct me if my understanding abt SPF is wrong)