Solution: Sender Policy Framework
Solution: Sender Policy Framework
Posted May 6, 2004 11:39 UTC (Thu) by copsewood (subscriber, #199)Parent article: 82% of email is spam
Some very good work is advancing quickly on DNS technology to enable domain owners to publish details of which addresses legitimate mail from their domains is allowed to come from. When enough people implement SMTP + SPF this is likely to make senders more accountable for what they send. Check out the SPF site for details. Any domain owner who can publish TXT records can help move adoption further and reduce the likelyhood that spammers will forge mail envelopes using their domain by publishing SPF records stating where you send your mail from.
This isn't a complete solution by any means, but it is likely to be a neccessary step in making a complete solution possible which doesn't break too many things worth keeping.
Posted May 6, 2004 12:07 UTC (Thu)
by hingo (guest, #14792)
[Link] (1 responses)
Posted May 6, 2004 16:28 UTC (Thu)
by Ross (guest, #4065)
[Link]
One thing I've always wondered about SPF is this. When more people start
using it, isn't it then just as easy for the spammers to make their worms
such, that they check the DNS record to learn what SMTP server they
should use and then send their mail through that server. The server has no
chance to realise that it is not the user of the computer sending normal
email.
Solution: Sender Policy Framework
Of course, if we have SPF, then we could start adding other things to
SMTP, like the server requiring a password before accepting mail. In
combination these kinds of techniques might do it.
Maybe. It depends on what type of authentication the server requires.Solution: Sender Policy Framework
Assuming the worst case, no authentication, it would still be an
inprovement because the messages would really be from the domain they
appear to be from. This makes it easier to contact admins, implement
filters, etc.