<<< Date Index >>>     <<< Thread Index >>>

[IP] SPF v2 draft 95% complete




Delivered-To: dfarber+@xxxxxxxxxxxxxxxxxx
Date: Sat, 18 Oct 2003 21:42:39 -0400
From: Meng Weng Wong <mengwong@xxxxxxxxxxxxxxx>
Subject: SPF v2 draft 95% complete
To: Dave Farber <dave@xxxxxxxxxx>


for IP, if you wish

On Thu, Oct 09, 2003 at 09:12:41AM -0400, Dave Farber wrote:
|
| >>VeriSign executive Nico Popp explains, "People have been
| >>spending all their time creating filters to find the bad guys.  We want to
| >>turn that on its head and find ways to identify the good guys and let them
| >>in."  The idea would be to develop the Internet equivalent of caller ID,
| >>with a technology that identifies senders and lets receivers presume that
| >>unidentified senders are sending junk mail.  Richard Reichgut of
| >>AuthentiDate says, "It's not easy to change something as successful and
| >>widely used as e-mail.  But the only way to fix e-mail is to have a strong
| >>way to know who is sending you mail."  [*The New York Times*, 6 Oct 2003;
| >>NewsScan Daily, 6 Oct 2003]
| >>   http://partners.nytimes.com/2003/10/06/technology/06SPAM.html

SPF has matured significantly since the last time I discussed it on IP.

It does exactly what the above paragraph suggests.

And it does it
  - without encryption,
  - without a centralized authority, and
  - for free.

Some people working on spam boast about how many patents they have.
I have no patents, just an RFC draft.

The new v2 draft has reached 95% completion; it is at
http://spf.pobox.com/draft-mengwong-spf-02.txt

The rest of the website will be updated over the next few days.

This version of the draft solves almost all the criticisms that were
leveled against the first version.

The previous draft has gained support in Sendmail, Postfix, Qmail, and
Exim.  Between 500 and 1000 domains presently publish SPF records.  The
people behind SpamAssassin, ActiveState PureMessage, MailArmory.com, and
other antispam products have indicated plans to support this proposal in
future releases.

I have been invited to present it at ISPcon Oct 21 on Tuesday between 3
and 4pm; if any IPers in San Jose would like to visit, I have free
passes and can get one or two people in.  Dave Crocker will also be on
the panel.

Implementation is very simple: you add one line to your DNS:

   domain.com IN TXT "v=spf1 a mx ptr default=deny"

That tells SMTP receivers to check connecting clients in three ways.  If
one of those mechanisms indicates that the connecting client IP belongs
to domain.com, let the mail through; otherwise, reject it.  In
combination with RHSBLs, I really believe this will help get rid of spam.

If you want to implement SPF either on the domain-publisher or
SMTP-receiver side, please join the spf-discuss mailing list by sending
a message to subscribe-spf-discuss@xxxxxxxxxxxxxx

-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/