I’m going to turn this into an article eventually, but I’m going to start it out as a blog entry. I’m thinking this is going to be a way for me to get the ideas out of my head and organize them into articles. We’ll see if it really happens, but don’t be too surprised to see blogs turn into articles and articles turn into white papers over time.
So [[SenderPolicyFramework:SPF]] is a great new technology that I have huge high hopes for. [[SenderPolicyFramework:SPF]] stands for [[SenderPolicyFramework:Sender Policy Framework]] and you can find lots more information about it at http://spf.pobox.com/
The basic concept is that anyone who has email can publish a new record in [[DomainNameSystem:DNS]]. The existing MX (Mail eXchange) record tells everyone where email for that [[DomainName:domain]] is going to, but this new [[SenderPolicyFramework:SPF]] record (which is currently done with a TXT record) will tell the Internet where [[EmailMessages:email]] should come FROM.
This benefits both [[AntiSpam:anti-spam]] and [[AntiVirus:anti-virus]] protocols. If an [[EmailAddress:email address]] is being faked, forged or spoofed and the [[DomainName:domain]] has published an [[SenderPolicyFramework:SPF]] record, then the [[EmailServer:email server]] receiving the [[EmailMessages:email message]] can choose how to proceed.
AOL has already published their [[SenderPolicyFramework:SPF]] records, so let’s use them as an example. If your [[EmailServer:email server]] were to reject any [[EmailMessage:email]] with an AOL [[EmailAddress:email address]] (anything @ aol.com) that does not come from the specific [[EmailServer:email servers]] AOL has published in their [[SenderPolicyFramework:SPF]] record, how many [[SpamMessages:spam messages]] and [[ComputerVirus:viruses]] might you block?
From the virus point of view, if your users are prone to opening attachments from [[EmailAddress:email addresses]] they recognize (I have a few) these may be eliminated by the sending domains publishing [[SenderPolicyFramework:SPF]] records and your [[EmailServer:email server]] blocking anything using that [[DomainName:domain]] and not sent from specified [[EmailServer:servers]].
I’m not holding my breath as this is going to take acceptance from the entire Internet to make this work, but if only a few majors (like AOL, Yahoo, Google and eBay) were to publish [[SenderPolicyFramework:SPF]] records I would be willing to block anything that does not come from the specified [[EmailServer:servers]] they publish.
Speaking of eBay, this would be a great way to stop getting the fake emails that look like they come from eBay and are really trying to scam your credit card. eBay, are you listening?
It may not be a cure, but it will be a great validation tool.