Your Peace of Mind is our Commitment

Contact Us English Recent Articles

Beating Spam with SPF

Email was the original Killer App of the Internet, but it is now being choked because spammers are taking advantage of the trust assumed in the original email standards. Things have improved - open relays used to be normal, now they are configuration mistakes or, probably more likely, installed by the spammers without authorisation. The next hole to block is the forging of sender's addresses and a proposed Internet standard, the Sender Policy Framework, allows this.

The concept is simple, organisations add a DNS record specifying which IP addresses are permitted to send email for their domain, and receiving mail servers can check that the source of a message is listed. No more "Joe-Jobs". Two areas that require special care when introducing SPF are mail forwarding (including mailing lists) and travelling email senders. The Sender Rewriting Scheme is useful in this regard.

Microsoft has announced a similar, competing standard: Caller ID for E-mail, but there are no announcements for products supporting it and Microsoft claims it has patent rights on the technologies involved.

Although the IETF standards process is expected to take at least a year, you can start using SPF today; already 9450 domains are known to be publishing SPF records, including Yahoo. Yui Kee now publishes and checks SPF records. Your current mail server software might be able to check SPF records; support is already available for Postfix, Sendmail, Qmail and Exim. Sophos' Puremessage anti-spam software supports SPF.

SPF is not a magic bullet that will eliminate spam, but it is an important part of a larger solution.


More Information