Outside US such as where we are in Hong Kong, the problem is a lot worst. In this geographic region, there are only a few ISP available here so that someone spoofing your domain would have a good chance be spoofing using a similar IP address since it is less common for people to use a fixed IP address. This is particular true in dense population area if the "spoofer" used a dial-up. Because a lot of companies and user actually has no choice but to use SMTP server from ISP that provides the internet access versus the ISP that host the domain and web site, it makes it almost non-distinguishable for anyone to trace the real origins of these spammer. I believe that the absence of authentication in the SMTP protocol caused this problem.

Just a few months ago, I had all our emails bounce back from one of our customer because our customer's email filter companies black list all the email coming from a set of IP address that happens to be servers from one of the largest ISP in our region. I end up had to communicate by fax only and the email filter companies refused to open the block from our domain up until now as they can't tell if we are a spammer. I later discover that we had only a 1/4 chances for all the ISP that I can pick for our access to be black list from someone aboard. I think that the answer may be in the future when some better SMTP protocol that forces the use of authenication technology to distinguish real people from fake users.

Regards, George.