Visit www.openspf.org for more information on this technology.
It is held within a TXT record for the domain. You can query this with the host command under Linux/POSIX.
$ host -t txt [victim].com
[victim].com descriptive text "v=spf1 a mx include:[victim].com"
Consider adding SPF records to allow MX records to send email.
SPF helps prevent forging of the FROM address on the receiver end.
Customer MTAs which support SPF will reject fraudulent emails because the SPF record will not match the spammers IP source addresses when forging @[victim].com FROM addresses.
The version of Outlook Web Access contains a URL redirection vulnerability. However, this would require user interaction to be abused such as embedded URL within an email that is clicked on.
It is possible to provide an arbitrary "url" value.
Informational only. Microsoft expects this to be resolved in Exchange 2007.