Tim and the Tin Titan


A New Weapon Against Spam
I came across an article talking about SPF. No, not the Sun Protection Faction of sunblocks but the "Send Permitted From:" field. This is an additional line of information added in the TXT field of your DNS entry that specifies which IP addresses from your domain are authorized to send Email.

This basically would deny spammers the opportunity to spoof email addresses from your domain in their advertisements if the receiver checks your SPF record before accepting the email. It would basically work as a reverse MX record, having the same function as a reverse DNS lookup.

SPF has the side effect of "breaking" forwarding/bouncing because if a domain forwards a mail in the name of another, the other's mailer will not be in the forwarding domains SPF record. The workaround is to switch to remailing, where the envelope sender is changed. A proposed format is: an email with MAIL FORM when forwarded by b@forward.com would become MAIL FORM . That way the SPF lookups pass and you can still tell where the mail came from.

I heard about it because AOL used it on a trial basis yesterday. Since they are one of the (if not the) biggest source of spam this would signal a positive step and a growing trend for the acceptance of this standard. The next version of SpamAssassin is supposed to have SPF lookups, I will eagerly await it.