Email address fakers targeted by new open standard
Stumble It!One of the biggest nuisances on the web today is when somebody sends out SPAM pretending to be from your email. This is known as Sender Address Forgery and it could become a thing of the past due to a new open standard called Sender Policy Framework (SPF).
Image from: www.j600.com/fake-rifts.html
A couple of years back I asked the question that with 88% of emails being SPAM - Is email dead? The answer is "no - but its in very bad shape" and something needs to be done soon - one of the most promising technology initiatives is SPF!
The SPF website describes the problem and the SPF solution very clearly.
The Problem: Sender Address Forgery
Today, nearly all abusive e-mail messages carry fake sender addresses. The victims whose addresses are being abused often suffer from the consequences, because their reputation gets diminished and they have to disclaim liability for the abuse, or waste their time sorting out misdirected bounce messages. You probably have experienced one kind of abuse or another of your e-mail address yourself in the past, e.g. when you received an error message saying that a message allegedly sent by you could not be delivered to the recipient, although you never sent a message to that address.Sender address forgery is a threat to users and companies alike, and it even undermines the e-mail medium as a whole because it erodes people's confidence in its reliability. That is why your bank never sends you information about your account by e-mail and keeps making a point of that fact.
So whats the SPF solution?
Sender Policy Framework (SPF) is an open standard which specifies a mechanism to prevent sender address forgery.
SPF allows the owner of a domain to specify their mail sending policy, e.g. which mail servers they use to send mail from their domain. Then both sender and receiver co-operate to establish if the message complies with this policy.
STEP 1: The domain owner publishes their policies in an SPF record in the domain's DNS zone.
STEP 2: When someone else's mail server receives a message claiming to come from that domain, the receiving server simply check whether the message complies with the domain's stated policy or not and therefore whether it is genuine or fake
Its as simple as that.
For more info visit the SPF website which is very comprehensive and up-to-date on exactly where the standard is in terms of status/timelines and also who is supporting it.
Tags: spam
Digg | 
del.icio.us | 
Reddit | 
Yahoo! | 
Add to my favourites
Bioteams Books Reviews
What teams can learn from wolves
If you think that there is not much human teams can learn from nature think again! Temple Grandin in her amazing book Animals in Translation: Using the Mysteries of Autism to Decode Animal Behavior (p303-307) puts forward the incredible theory that early humans only became today’s successful homo sapiens because they learned to act and think like the wolves they co-habited with.
Buy it now from:
Amazon.Com
Amazon.Co.UK
Related News & Media Articles
Are crowds always wise: qualifying your crowd
The ever thoughtful David Pollard has an excellent article on the Wisdom of Crowds versus the Wisdom of Witch Doctors (Consultants and Senior Management) and how to tell the difference. By Paul Sweeney.
Poisoned web poses risk to security
Computer criminals are redirecting internet users to bogus web-sites through a scam known as "DNS cache poisoning". The antidote is a free piece of software called BIND9.
Anti-spam act update
Maurene Grey in Collaboration Loop January 03, 2006 reports that two years after being signed into law, the Federal Trade Commission (FTC) have released their report to the US Congress on the effectiveness of the CAN-SPAM Act.
Leave a comment