After getting hit by a failure notification emailflood again I went to the owner of my host looking for a solution. He came up with a rather simple one:
SPF (Sender Policy Framework)It's a lot of technical mumble jumble but it does something I thought should have been done for a long time now. It checks whether the original sender is indeed allowed to send mail according to the domain the mail is supposed to be coming from.So if the ip 32.37.34.27 sends an email with a qfox.nl address as recipient, the supporting mailserver will now first check qfox.nl whether or not that ip can actually send mail for qfox.nl. The reply is a big 'no' and the mailserver denies the email because only the qfox.nl mailserver may be used.Apparently it's not implemented 100% but it does explain to my why in every gmail mail I saw this in the headers:
Received-SPF: neutral (google.com: *ip* is neither permitted nor denied by best guess record for domain of *emailaddress*) client-ip=*ip*;Authentication-Results: mx.google.com; spf=neutral (google.com: *ip* is neither permitted nor denied by best guess record for domain of *emailaddress*) smtp.mail=*emailaddress*
(*ip* and *emailaddress* were removed from the original message)This actually means that the domain doesn't support SPF, not that sending is not allowed. If it is checked and was allowed you'll see the following message (like now in mail from qfox.nl):
Received-SPF: pass (google.com: domain of *emailaddress* designates *ip* as permitted sender) client-ip=*ip*;Authentication-Results: mx.google.com; spf=pass (google.com: domain of *emailaddress* designates *ip* as permitted sender) smtp.mail=*emailaddress*