Slashdot Mirror
Spoofed From: Prevention
An anonymous reader writes "It looks like the next promising advance in the war on spam is here! Introducing SPF: Sender Permitted From. A draft RFC is still being written, but the idea is simple: we can prevent forged emails by having domain owners publish a list of IP addresses authorized to send mail from their domain. It's no silver bullet, but how much spam can we eliminate by preventing forged mail from spoofed domains? Maybe we really don't need anti-spam legislation after all? The SPF site is chock-full of juicy info for our reading enjoyment. Bon appetit!" Interestingly, the to-do list mentions the possibility of seeking a defensive patent on this scheme, too.
Better patent it quickly, before a spammer sees this and sends the paperwork in. The braindead US patent office will grant it, and then how will anyone be able to disprove the patent wasn't the spammers idea?
Where do you get off thinking that you have the same rights online as someone paying 3, 4, 5 or even 6 times as much as you?
I pay $250 a month for a 768 SDSL connection. The cost isn't just for the SDSL. Part of that cost is the routed connection, the SLA and the 32 IP addresses I have. Do you really think you should be able to run a mail server on your $40 a month cable modem connection? I certainly don't think so.
-sirket
If you'd like to play with the big boys, and toss email, you'll need to play on the same turf.
Amen!
The other thing I am completely sick of is people running their own mail servers just because they can. That gets old real quick. I stopped running my own mail server when I realized just how much time and effort it required to do correctly.
Just because you run Linux and can, sort of, configure Sendmail, doesn't mean you need to run your own damned mail server.
The biggest threat to email isn't open relays or proxies. The biggest threat is every fucking ninny out there that just has to run their own mail server and then does so poorly. If I want to receive mail from most of these idiots, then my server has to be willing to accept email from completely broken servers. In the end, that means spammers get through where I should be able to block them.
The one thing I completely do not understand, is that this is only dealing with outbound email. If the people who are complaining had brain one in their heads, they would configure their server to use their ISP's mail servers as outbound relays anyway. Why? Because it is more secure, it reduces the load on your server, and you do not need to do DNS lookups. Why would you want to bother with all the crap involved in sending an email when you can let your ISP worry about it (You could still have a local SMTP server that simply forwards to your ISP's servers). Nowhere in this article did the subject of inbound email ever come up.
Those people who actually know anything about SMTP actually pay for rack space and/or a real Internet connection.
When you have read and completely understand RFC 821, 822, 2821, 2822, 1034, 1035, 1123, etc. then come talk to us. Until then, go back to your Kazaa.
Completely sick of SMTP,
-sirket
And watch ISPs charge prohibitively for SMTP AUTH access from outside the network.
Will I retire or break 10K?