AOL Tests Sender Permitted From / E-mail Caller ID
securitas writes "ZDNet reports that AOL is testing Sender Permitted From (SPF), 'an antispam filter intended to accurately trace the origin of e-mail messages.' AOL is performing the widescale SPF test with its 33 million subscribers worldwide. The system works by letting recipients use the SPF record to cross-check DNS data associated with AOL's IP addresses and confirm that the message originated from AOL's servers. The system is one of three competing e-mail authentication protocols. The other IP-identifying protocols are the Designated Mailers Protocol (DMP) and Reverse Mail Exchange (RME/RMX). All systems alter the DNS database to let e-mail servers publish the IP addresses that they use to send e-mail."
Seriously. Are you people really getting so much spam every day that the "delete" button just doesn't do it for you?
In short, yes.
The biggest weakness of this system is that it doesn't protect against some user's system sitting on a broadband DSL/Modem line that has a Trojan Horse used to e-mail the spam. AOL's system probably would only encourage more viruses/worm designed to make computers email relays.
Of course if all non-business accounts were prevented from hosting an SMTP server that would help solve that problem, but I don't think that would go over very well with the Slashdot crowd. I'm not even sure where I stand on that issue.
Ok, I give up, why you?
I think the problem is larger than the few annoying emails people get everyday. There's two things to consider.
1) Cummatively, spam is not just a headache but can be resource draining. Getting 10 or so a day for ten days if I don't check email leads to 100 emails. It would be one thing if it affected me but I'm not the only one that uses my mail server or ISP. It bogs down the mail server that I use whether it's my work email or my personal one. At work, my company has to dedicate resources to fight spam which costs companies money. My only effective choice right now is to abandon my email address every year so I don't get spam for a while.
2) Spam is not discrimating. Offers that are sexual in nature may be innocuous to me, but for parents that's another matter. They want their kids to learn email but can't do much to protect them from this content besides not use email.
Well, there's spam egg sausage and spam, that's not got much spam in it.
If the SPF record (which will contain the IP addresses of AOL's mail servers) doesn't match the originating IP address of the mail message (as in, a spoofed header) the message is invalid.
So, in essence, AOL has decided that it's customers can no longer send mail from their AOL email address, unless they're logged into AOL.
This does not bode well.
I don't use AOL, but if MY ISP decided that I could no longer use my personal email address while I was at work (or at an internet cafe, or whatever), I'd be pretty pissed.
Seriously. Are you people really getting so much spam every day that the "delete" button just doesn't do it for you?
Really, now, junk mail is just not that pressing an issue to me. And I can't see why/how it's such a huge issue for anyone else.
Let me explain it to you.
Yes. I personally receive over 5000 spam messages a day. Thanks to the very clever spammers who are getting better at circumventing spam filters, I'm seriously considering moving to a white-list, and even that may not stem the tide. Part of the problem is with false-positives and the fact that people don't know how to write a proper subject line. Sometimes legitimate and very important messages have been contained in messages with subjects and other message body content that can resemble spam.
As a test I have set up e-mail addresses that I have never used or publicized in any way at a number of domains and providers. Guess what? Within days (sometimes hours) spam lands in those mailboxes, too, and based on the user/account names that I set up, I know it's not because of a simple dictionary attack.
Just because you don't personally experience it (consider yourself among the lucky few) doesn't mean that it's not a real problem. FYI, SPF is not (strictly speaking) from AOL. It's just being rolled out on a massive scale by AOL, which should be a good test of the technology.
I don't know if this is the right move, but something has to be done to eradicate this plague and its carriers.
We've been waiting for an anti-spam standard for years now. What do we have? Nothing.
It's about time someone with clout got up and started making decisions.
I have 4 blocklist on my email server, and still we get a ton of spam everyday. My users hate it, I hate but we have to deal with it whilst the IETF works out their political agenda.
PS. I've also been waiting for the Calendar Access Protocol for a while now. Years, where is it? We're on draft 11 now.
Sometimes design by commitee plain sucks; and we just have to admit that.
Based on upvotes, Ageism is the only "-ism" Slashdotters care about and think isn't SJW
The problems with Yahoo's Domainkeys, are as follows:
I think SPF is a far better better proposal for this kind of thing.
SPF support for most open source mail servers can be found at libspf2.
All variants of "Make it computationally expensive to send e-mail!" prevent all mass mailings of all kinds... not just spam. You're tossing out a few babies with the bath water, that's just not a working solution.
/. because most geeks have more processor cycles than dollars, but at least cash has a more stable value over time...
Besides, there's not much stopping Spammers from just buying the processing resources they need. Whatever meaningless task is picked, development would immediately start on making that puzzle easier to solve. You'd start seeing processor chips dedicated to the task...
Being cash-expensive is less popular on