Sender Policy Framework

VividWeb

Perch
Spam filters now stop 20% of commercial email. More and more people are like me. They're getting sick and tired of the constant rubbish that fills their inbox. (A very simple way to stop spam is this: stop buying stuff from sites that spam you. The only reason that spam is around (and growing) is because it works. If it didn't work, it wouldn't be such a huge problem.)

A few weeks back, Microsoft announced that beginning October 1, 2004, it will check for SPF records in all email coming into its Hotmail service.

So, just what is "SPF"? Sender Policy Framework (SPF) is an email authentication scheme. According to the official Website (http://www.spf.pobox.com), the SPF:

"Fights email address forgery and makes it easier to identify spams, worms, and viruses. Domain owners identify sending mail servers in DNS.

"SMTP receivers verify the envelope sender address against this information, and can distinguish legitimate mail from spam before any message data is transmitted."

If you have a decent number of Hotmail addresses in your opt-in email list, you'll need to check this out.

This is from the latest version of the Sitepoint tribune.

If you follow the link above to the SPF website, there is a wizard that allows you to create an SPF record. Is there any way to add this information to the DNS zone for a specific Domain name? Are we going to be able to implement this feature with Jodohost?
 
On a related note, there is also a system to prevent your mail from being incorrectly marked as spam. Habeas Sender Warranted Email. It's in use by several spam filtering software packages (including SpamAssassin) now and involves adding a few e-mail headers to every email you send out.

How can you prevent spammers from adding these headers as well? You can't really, but the funny part is that if a spammer does add these headers, they are in breach of contract with Habeas (if they ever requested permission to use the headers) and they're violating Copyright law.

Copyright law is pretty well defined in most countries, even the 'obscure' ones. If someone reports spam to Habeas with their headers in it, they have a solid legal case and authorities can be used to track down the spammer and sue him.

So far it seems to work, I don't receive any spam with these headers in it. Since I receive 200+ spam mails a day that's saying something I think ;)

Of course, the question is: do I need this?
For personal mail you probably don't, unless you like to discuss v1agra with people :D
Commercial Email is allowed to use this header though, provided people actually signed up to your email list and confirmed this.
 
SPF looks like a good idea, but there are some problems.
Firstly, it will only actually help to fight spam if everybody uses it. It's easy for the spammer to check if a certain domain publishes SPF records, and if so just choose another domain to forge email from.

Secondly, consider JodoHost's situation for example:
I'm a JodoHost customer and I have email addresses on mydomain.com. If JodoHost or I want to use SPF on this domain, they list their mail server(s) as valid sources for email from mydomain.com. However, I use my ISP's SMTP server for this instead, which is currently my only option as my ISP (and many others) block SMTP to any server but their own.

Therefore, JodoHost would have to list all my ISP's mailservers as valid sources for mydomain.com. The problem is, I don't even know what my ISP's mailservers are (they have a handful of them) and I certainly don't know when they might decide to change IP address on one of them or add another server.

So realistically SPF can only be used by JodoHost for people that actually use the JodoHost SMTP server to send their mail, which severely limits its usability. Now look back at my first point in this post...
 
I didn't look at the ISP thing a whole lot but when I was glancing through it I saw a step to add your ISP to the SPF text string, and it was adding a domain not an IP.

I think the biggest problem with all of this is there are too many companies doing different things. There needs to be a standard developed so that there is consistency among all mail systems.

The other problem with this is that with Hotmail you are not going to have a choice, this starts Oct 1 with them.
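
The ISP relay problem and the "add your ISP by domain" step discussed in the posts above, as an added example that is not part of any post in this thread: a reduced SPF evaluator (only the `ip4`, `include` and `all` mechanisms) run over constructed TXT records. Every domain and address is a placeholder, and the dictionaries stand in for DNS lookups.

```python
import ipaddress

# Constructed TXT records; every domain and address here is a placeholder.
HOST_ONLY = {
    "mydomain.example": "v=spf1 ip4:192.0.2.10 -all",    # host's mail server only
    "isp.example": "v=spf1 ip4:198.51.100.0/24 -all",    # ISP's own relay pool
}
# Same zone after the ISP is added by domain name rather than by IP.
WITH_ISP = dict(HOST_ONLY)
WITH_ISP["mydomain.example"] = "v=spf1 ip4:192.0.2.10 include:isp.example -all"

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, domain, txt, depth=0):
    """Evaluate the envelope-sender domain's record against the connecting IP."""
    record = txt.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # domain publishes no SPF policy
    if depth > 10:
        return "permerror"  # stop runaway include chains
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            # include matches only when the referenced policy returns pass
            inner = check_spf(client_ip, arg, txt, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"
            matched = inner == "pass"
        else:
            return "permerror"  # mechanism outside this reduced example
        if matched:
            return RESULTS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term


if __name__ == "__main__":
    for label, zone in (("host only", HOST_ONLY), ("with include", WITH_ISP)):
        for ip in ("192.0.2.10", "198.51.100.25", "203.0.113.5"):
            print(label, ip, check_spf(ip, "mydomain.example", zone))
```

With `include`, the ISP maintains its own server list in its own record, so the customer's record does not have to track the ISP's IP changes.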
 