Krasser said this data is published using the same system that maps host names to IP addresses, which means that when a third party receives an email from a particular mail server, it can retrieve the SPF record for that host name and see if the mail server trying to deliver the message is listed as a valid sender for that domain.
The second suggestion focused on another open standard: Domain Keys Identified Mail, or DKIM.
Like SPF, DomainKeys also requires users to publish a record for their domain names, but when you send a message, it is cryptographically signed by your outgoing mail server. The receiver of your email can then check whether your signature is valid by retrieving the domain key record for your domain.
Because spammers cant produce valid signatures, their messages will be identified as spoofs.
In both cases, its like the post office which stamped your letter must be in a pre-approved list to send letters with your postal address, he quipped.
Armed with these two standards, I feel like Ive beaten my spoofer once and for all. Sure, complying with the two new standards slows down my email a bit, and yes, haters, both efforts require widespread adoption to ever make that much of a difference.
At this point, however, after surviving a terrible spoofing attack, Ill take all the help I can get.