Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

" SPF will solves spam"

From: Dave Farber <dave () farber net>
Date: Tue, 10 Jun 2003 17:19:02 -0400

------ Forwarded Message
From: Meng Weng Wong <mengwong () dumbo pobox com>
Date: Tue, 10 Jun 2003 17:15:51 -0400
To: dave () farber net
Cc: dana () a-clue com
Subject: SPF will solves spam

On Tue, Jun 10, 2003 at 02:56:03PM -0400, Dana Blankenhorn wrote:
| 
| For the last several months I've noticed more and more spams that don't
have
| any return addresses at all -- let alone fake ones. This makes them
| impossible to blacklist.
| 
| So we have two mean technical problems here -- Joe Jobs and untraceable
| spam. I think the question should be put to the group. What's the
solution?
| 

Two weeks ago I discovered RMX: the Reverse MX protocol.
One week ago, I discovered DMP: the Distributed Mailer Protocol.

This week I will implement SPF: a hybrid of the two.

SPF solves both problems by attacking the underlying issue: in SMTP,
any connecting client can assert any sender address.  This is a
vulnerability which has been exploited by spammers.

SMTP+SPF eliminates the hole by requiring everyone (spammers included)
to send mail from their real domain.  Once that's in place, we can
easily blacklist spammer domains.  The result: no more spam.

  http://spf.pobox.com/

The key difference between SPF and the other two proposals is that it
specifies not just a new protocol but a strategy for adoption.

The Catch-22 is this: SPF, and proposals like it, will only work if
lots of people adopt it; but people will only adopt it if lots of
other people adopt it first.

The draft RFC I wrote specifies a sunrise date after which
non-SPF-conforming domains should expect to see their mail classified
as spam by reasonable people.  Before that date we will be in the SPF
transitional phase, when reasonable ISPs should convert to SMTP+SPF.
After the sunrise date, spam should end.

The major objection to SPF is that people are used to the way SMTP
works.  An SMTP which passes a billion spams a day is not one which I
want to see continue.  SPF represents the least disruptive, most
permanent, and most affordable solution.  It requires the least change
and delivers the most results.

SPF could become a fascinating case study of a technological
revolution.  People who aren't interested in the technology per se,
but would like to follow the political and social plays, are also
welcome to join the spf-discuss list.

If you're interested in being involved, send mail to

   subscribe-spf-discuss () v2 listbox com

Over the next few weeks I will encourage development of SPF patches in
the four leading opensource MTAs: sendmail, qmail, postfix, and exim,
and I will encourage domain owners to publish SPF records.

In the next year, I hope to see major ISPs convert to SPF compliance.

The sunrise date is July 4, 2004.


------ End of Forwarded Message

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: