OpenSPF (Friday, December 16, 2005)

Okay, time for another technical entry. This evening has been spent fighting the good fight against spam. In an effort to be as compatible as possible, I found my way to the Open Sender Policy Framework web site. SPF is the newish framework accepted by large sites like AOL and Hotmail and others that will help battle spam by largely preventing forged From: lines.

The basic idea is that a domain knows exactly what systems are and are not allowed to send e-mail on behalf of that domain — for example, is the only host on the whole Internet that is allowed to send e-mail with a From: line that includes Similarly, is definitely not going to ever legitimately send a message with on the From: line.

So, by implementing SPF for my domain, I have accomplished two things: First, I have allowed any server on the Internet that cares to determine if a message claiming to be from is legitimate. Second, I have ensured that whenever I send mail to a site that cares, my message will not be dropped because the server is unable to verify the legitimacy of my identity.

Unfortunately, my server is not yet among those that "care", so I am not checking the SPF for incoming messages... yet. It's definitely on my to-do list; however, right now there aren't enough legitimate domains that implement it to make a dent in my system's spam load — spammers that are forging their From: lines have stopped using Hotmail and AOL and have begun using obscure domains that (like me, until tonight) have not yet bothered to implement SPF.

