SPF

  • Thread starter Thread starter John Coutts
  • Start date Start date
J

John Coutts

Looks like the Internet community is finally going to do something about the
proliferation of Spam and Virus's spread by email. Sender Permitted From will
require ISP's to declare legitimate email servers on their network. Mail
servers that choose to implement SPF will reject mail that is not from an
advertised mail server. Implementation will be phased in with a Global Sunrise
Date of July 4th, 2004.

http://spf.pobox.com

It's about time!

J.A. Coutts
Systems Engineer
MantaNet/TravPro
 
Watcha!

Great news!

Jabber

P.S. Just as I was about to send this post, I got three e-mails which
Norton caught all with virus' attached - you know the ones "Net Mail
Storage" or something.

Cheers
 
John said:
Looks like the Internet community is finally going to do something about the
proliferation of Spam and Virus's spread by email. Sender Permitted From will
require ISP's to declare legitimate email servers on their network. Mail
servers that choose to implement SPF will reject mail that is not from an
advertised mail server. Implementation will be phased in with a Global Sunrise
Date of July 4th, 2004.

http://spf.pobox.com

It's about time!
Click to expand...

Lets hope this is not what will be chosen. Spf will cause a lot of
legitimate uses to fail, without delivering it's promise of
significantly reducing spam.

The spf illusion is build on the assumption that spammy will not be able
to provide the spf records for the hosts it uses to send out its junk.
The spf records are supposed to be in the zone of the domain in the
mail-from address. This address is controlled by spammy, the zone file
is under control of spammy and with domain names for less then $10,= it
can afford to register a new zone for every major spamrun it makes.
 
Lets hope this is not what will be chosen. Spf will cause a lot of
legitimate uses to fail, without delivering it's promise of
significantly reducing spam.

The spf illusion is build on the assumption that spammy will not be able
to provide the spf records for the hosts it uses to send out its junk.
The spf records are supposed to be in the zone of the domain in the
mail-from address. This address is controlled by spammy, the zone file
is under control of spammy and with domain names for less then $10,= it
can afford to register a new zone for every major spamrun it makes.
Click to expand...

It could well get messy but early signs are that it's effective. Habeas
"Sender Warranted Email" approach could make taking legal action against
spammers more effective... http://www.habeas.com/

Andy.
IT Guy.
 
It could well get messy but early signs are that it's effective.
Click to expand...

What early signs? Is this system being tested on a large enough scale to
make it interesting for spammy to try and circumvent it?
Habeas "Sender Warranted Email" approach could make taking legal action
against spammers more effective... http://www.habeas.com/
Click to expand...

I don't understand what Habeas has to do with this spf thing? It appears
they provide a service to businesses so they are able to send mailings,
provided they meet Habeas' requirements.

It doesn't look like it affects, or will affect, day to day usage of
email by endusers.
 
It could well get messy but early signs are that it's effective.
What early signs? Is this system being tested on a large enough scale to
make it interesting for spammy to try and circumvent it?


I don't understand what Habeas has to do with this spf thing? It appears
they provide a service to businesses so they are able to send mailings,
provided they meet Habeas' requirements.

It doesn't look like it affects, or will affect, day to day usage of
email by endusers.
Click to expand...

Habeas's solution is a similar idea to spf but it adds in an extra
component. They use a text "watermark" in all validated outgoing emails.
The idea is that if incoming mails don't have this watermark, they aren't
accepted.

The catch Habeas have introduced is that their watermark is a Haiku poem
copywrited to Habeas. For spammers to get around this system they have to
include the watermark in the spam emails, violating Habeas' copyrights and
allowing Habeas' to take legal action against the spammers. As far as I'm
aware their first two cases are underway and they've just won the first one.

I mention them here as they've devised a legal method to take action against
spammers without relying on anti-spam laws. I think that's a very
interesting concept.

Andy.
IT Guy.
 
Andy said:
Habeas's solution is a similar idea to spf but it adds in an extra
component. They use a text "watermark" in all validated outgoing emails.
The idea is that if incoming mails don't have this watermark, they aren't
accepted.
Click to expand...

Maybe I am too involved into the technical details to see the
similarities, well, except that both attempt to provide some form of
sender authentication.
The catch Habeas have introduced is that their watermark is a Haiku poem
copywrited to Habeas. For spammers to get around this system they have to
include the watermark in the spam emails, violating Habeas' copyrights and
allowing Habeas' to take legal action against the spammers. As far as I'm
aware their first two cases are underway and they've just won the first one.

I mention them here as they've devised a legal method to take action against
spammers without relying on anti-spam laws. I think that's a very
interesting concept.
Click to expand...

It is, though I doubt it can be used on a large scale. If everyone were
required to buy the right to use this Haiku, Habeas would be in a
dangerously powerfull position. In the mean time it's a clever concept.
 
Jonathan Burrows wrote / skrev:
Watcha!

Great news!

Jabber

P.S. Just as I was about to send this post, I got three e-mails which
Norton caught all with virus' attached - you know the ones "Net Mail
Storage" or something.

Cheers
Click to expand...

Considering theese are sent by the virus Swen from an infected machine,
how exactly is this new service going to stop this? Do each person that
wants to send email from their machine have to register themselfs or
what? I admitt to not having read the information, just seems that this
particular instance, the swen-virus-flood will not be stopped by normal
spam measures. Having not read the thing I am not commenting on its
potential value for actual spam.

- veronica Loell
 
I mention them here as they've devised a legal method to take action
against
It is, though I doubt it can be used on a large scale. If everyone were
required to buy the right to use this Haiku, Habeas would be in a
dangerously powerfull position. In the mean time it's a clever concept.
Click to expand...

Agreed. This is only ever going to have a widespread effect in a
competitive marketplace.

Andy.
IT Guy.
 
Veronica said:
Jonathan Burrows wrote / skrev:



Considering theese are sent by the virus Swen from an infected machine,
how exactly is this new service going to stop this?
Click to expand...

Not.

Swen mostly uses the isp relay (those that I see) and the addy(s) it
finds on the infected machine as mail-from.
Do each person that wants to send email from their machine have to
register themselfs or what?
Click to expand...

With one form of use, the one most home users are familiar with, you
would have to do nothing. Many other forms of smtp use would become
difficult or impossible.
I admitt to not having read the information, just seems that this
particular instance, the swen-virus-flood will not be stopped by normal
spam measures. Having not read the thing I am not commenting on its
potential value for actual spam.
Click to expand...

Depends on the measures you take, a dozen or so lines in the MTA's
access file works miracles.
 
Back
Top