My comment was, as stated, addressing SPF only, and under the assumption that SPF was fully implemented, as opposed to being used only for outgoing messages.

From personal experience with Authorize.net, as well as another ASP, I observed multiple instances where e-mail generated on behalf of a client merchant, bearing that client's name/e-mail address as the Sender, but sent from Authorize.net's server, was refused by recipients' e-mail systems which had adopted SPF, owing to Authorize.net not having implemented such.

__________________
The Penn State Ticket Man http://www.pennstateticketman.com
http://www.happyvalleytickets.com http://www.hounddogtours.com