Re: SMTP+SPF (was: [9fans] Re: new release?)

[David Presotto <presotto@closedmind.org>]

[-- Attachment #1: Type: text/plain, Size: 1789 bytes --]

I should be more complete.  SPF isn't a panacea.  There are a lot of options
but the basic function of SPF is to stick into DNS the IP addresses of the
mail servers that can send mail from a particular domain.  If you see mail
from my home machine that says its from aol.com, you dump it into the bit
bucket.  ALL of the spam that makes it through my filter has faked From:
addresses since I use a white list.  Most of my spam that gets rejected also
has faked From: addresses.

It thus forces you to always go through a server that is authorized to send
mail from your domain.  Therefore, when you're off visiting somewhere, you
still have to use your own domain's smtp server.  That might not be possible
if you're behind a firewall.  For example, at Lucent one cannot make smtp
connections out of the company.  One must use internal servers.  Therefore,
russ couldn't send messages from here as rsc@swtch.com or I as
presotto@closedmind.org since we'ld have to do through lucent servers.

It does have the advantage that the current viruses would have a hard time.  They
normally look into your Outlook address file and send mail from your machine as
a myriad of different people that you have contacted.  If most domains used SPF
then the best they could do would be to send mail through their dedicated servers
as themselves (or at worst someone in their home domain).  This really reduces the
distributed spreading power of viruses that use email.  The dedicated servers usually
find out about viruses early and filter hard.  In essence, a virus would stop
spreading as soon as aol, comcase, yahoo, etc figured out it existed.

Of course, that will just select for sneakier viruses, but the sneakier, in general,
the more complex and hence the more fragile.

[-- Attachment #2: Type: message/rfc822, Size: 5200 bytes --]

[-- Attachment #2.1.1: Type: text/plain, Size: 135 bytes --]

I'm currently building support for it into Plan 9.  I think its a
good idea.  It doesn't prevent spam but it makes white lists better.

[-- Attachment #2.1.2: Type: message/rfc822, Size: 2992 bytes --]

From: "Joel Salomon" <salomo3@cooper.edu>
To: 9fans@cse.psu.edu
Subject: SMTP+SPF (was: [9fans] Re: new release?)
Date: Wed, 25 Feb 2004 19:14:15 -0500 (EST)
Message-ID: <3281.199.98.20.107.1077754455.squirrel@wish.cooper.edu>

Geoff Collyer said:
> I've been contributing anti-spam machinery for smtpd, and have some
> other code and ideas stalled by lack of time and not-quite-complete
> IPv6 support in Plan 9.  So far none of the strongly-hyped anti-spam
> ideas keep the spam from reaching one's machine in the first place,
> and I know how to do that, it's just going to take some time to do it.
>

Does anyone here have an opinion (yes ;-) ) on SMTP+SPF?
http://spf.pobox.com/ It *claims* to be a sufficient patch on SMTP to
ensure that the sender of an email is a real person from a responsible
ISP.

--Joel