Slashdot Mirror


SPF Design Frozen

Eric S. Smith writes "SPF, previously mentioned here, is a step closer to becoming a real, live RFC. We are encouraged to publish SPF records and thus to hasten the beginning of the end for annoying spam forgeries. SPF describes DNS TXT records that define the hosts authorized to send mail on behalf of users in your domain. Sites can then consult your SPF records and reject spam forged to look like it comes from you." (SPF stands for "Sender Permitted From.")
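The receiver-side check the story describes, as an added Python example (not code from the SPF project or the submitter). It assumes the published `v=spf1` TXT syntax and handles only the `ip4`, `ip6` and `all` mechanisms; the domains, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data standing in for DNS TXT lookups (documentation ranges).
TXT_RECORDS = {
    "example.com": ["some-other-txt=1",
                    "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"],
    "example.net": ["v=spf1 ip4:198.51.100.25 ~all"],
    "example.org": ["unrelated text record"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record, client_ip):
    """Evaluate one SPF record against the connecting IP (ip4/ip6/all only)."""
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        qualifier = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":                    # matches every sender
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        # a, mx, include, redirect= and others need further DNS queries.
        raise NotImplementedError(f"mechanism not handled offline: {term}")
    return "neutral"                         # no mechanism matched


def check_sender(domain, client_ip, txt_records=TXT_RECORDS):
    """Find the sender domain's SPF record among its TXT records and evaluate it."""
    spf = [r for r in txt_records.get(domain.lower(), [])
           if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    if not spf:
        return "none"                        # domain publishes no SPF policy
    if len(spf) > 1:
        return "permerror"                   # more than one SPF record is invalid
    return evaluate_spf(spf[0], client_ip)
```

A receiving server would run `check_sender` with the domain from the envelope sender and the IP of the connecting host, and reject or flag the message on `fail`.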

3 of 105 comments

  1. Semi offtopic, but... by Kethinov · · Score: 2, Interesting

    I've always wondered how a spam filter system based on authorization might work. Your mail server could automatically send out a verification request to the email address that sent the email, then if the email address exists, an authorization would be sent back to your mail server. All mails that weren't confirmed by a returned authorization could be automatically deleted. This way, you could only get mail from active email addresses. Could cut down on email spoofing because anyone spamming you would have to use a real email address which would allow you to complain to the domain owner. Of course, all mail servers in the world would have to be upgraded to this new protocol for it to work, or everything would be considered spam.

    Does any of this make sense?

    --
    You're right, I wouldn't steal a car. But if it were possible, I sure as hell would download one!
  2. AOL and hotmail don't gain? by jtheory · · Score: 2, Interesting

    Imagine how this might increase AOL's or hotmail's network traffic, while they gain nothing from it.

    Well, they do gain, actually -- if the plan works, it will blot out quite a lot of spam. AOL and Hotmail spend an astronomical amount of money dealing with spam in the current situation (it doesn't help that lots of spammers forge AOL or hotmail return addresses... I'm sure those bounces crank out the bandwidth required). If they need to pay for more bandwidth and more servers to support SPF, I have to imagine that will be much cheaper than the manpower they have to support to fight the problem now.

    Besides, how much extra bandwidth is really involved? Wouldn't it work like other DNS records, and be cached all over the place?

    I don't know enough about the technology to properly address your second point... but I think because we're dealing with DNS servers here (instead of needing to contact the mail servers) this may actually work out. Sure, some people run mail servers from home, etc., but DNS is usually provided free by an ISP; there are also free DNS hosts.

    Either way, I'm rooting for it. Spam is killing email.

    --
    There are only 10 types of people: those who understand decimal, those who don't, and, uh, 8 other types I forget.
  3. Ok - RFC ? I don't think soon by MerlynEmrys67 · · Score: 2, Interesting

    This should become an informational RFC - it could be published within a month. As experimental - I don't see it surviving the IETF Last Call process. Way too many operational people that don't like mucking with DNS records - too many spammers that wouldn't like it.

    If they couldn't get consensus inside the IRTF's spam working group, what makes them think they can get it in the IETF community at large (I love the note to the RFC editor - HA)

    --
    I have mod points and I am not afraid to use them