Interesting People mailing list archives
" SPF will solves spam"
From: Dave Farber <dave () farber net>
Date: Tue, 10 Jun 2003 17:19:02 -0400
------ Forwarded Message From: Meng Weng Wong <mengwong () dumbo pobox com> Date: Tue, 10 Jun 2003 17:15:51 -0400 To: dave () farber net Cc: dana () a-clue com Subject: SPF will solves spam On Tue, Jun 10, 2003 at 02:56:03PM -0400, Dana Blankenhorn wrote: | | For the last several months I've noticed more and more spams that don't have | any return addresses at all -- let alone fake ones. This makes them | impossible to blacklist. | | So we have two mean technical problems here -- Joe Jobs and untraceable | spam. I think the question should be put to the group. What's the solution? | Two weeks ago I discovered RMX: the Reverse MX protocol. One week ago, I discovered DMP: the Distributed Mailer Protocol. This week I will implement SPF: a hybrid of the two. SPF solves both problems by attacking the underlying issue: in SMTP, any connecting client can assert any sender address. This is a vulnerability which has been exploited by spammers. SMTP+SPF eliminates the hole by requiring everyone (spammers included) to send mail from their real domain. Once that's in place, we can easily blacklist spammer domains. The result: no more spam. http://spf.pobox.com/ The key difference between SPF and the other two proposals is that it specifies not just a new protocol but a strategy for adoption. The Catch-22 is this: SPF, and proposals like it, will only work if lots of people adopt it; but people will only adopt it if lots of other people adopt it first. The draft RFC I wrote specifies a sunrise date after which non-SPF-conforming domains should expect to see their mail classified as spam by reasonable people. Before that date we will be in the SPF transitional phase, when reasonable ISPs should convert to SMTP+SPF. After the sunrise date, spam should end. The major objection to SPF is that people are used to the way SMTP works. An SMTP which passes a billion spams a day is not one which I want to see continue. SPF represents the least disruptive, most permanent, and most affordable solution. It requires the least change and delivers the most results. SPF could become a fascinating case study of a technological revolution. People who aren't interested in the technology per se, but would like to follow the political and social plays, are also welcome to join the spf-discuss list. If you're interested in being involved, send mail to subscribe-spf-discuss () v2 listbox com Over the next few weeks I will encourage development of SPF patches in the four leading opensource MTAs: sendmail, qmail, postfix, and exim, and I will encourage domain owners to publish SPF records. In the next year, I hope to see major ISPs convert to SPF compliance. The sunrise date is July 4, 2004. ------ End of Forwarded Message ------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- " SPF will solves spam" Dave Farber (Jun 10)