Email address fakers targeted by new open standard
One of the biggest nuisances on the web today is when somebody sends out SPAM pretending to be from your email address. This is known as Sender Address Forgery, and it could become a thing of the past thanks to a new open standard called Sender Policy Framework (SPF).
A couple of years back, with 88% of emails being SPAM, I asked the question: is email dead? The answer is "no, but it's in very bad shape", and something needs to be done soon. One of the most promising technology initiatives is SPF!
The SPF website describes the problem and the SPF solution very clearly.
The Problem: Sender Address Forgery
Today, nearly all abusive e-mail messages carry fake sender addresses. The victims whose addresses are being abused often suffer from the consequences, because their reputation gets diminished and they have to disclaim liability for the abuse, or waste their time sorting out misdirected bounce messages. You probably have experienced one kind of abuse or another of your e-mail address yourself in the past, e.g. when you received an error message saying that a message allegedly sent by you could not be delivered to the recipient, although you never sent a message to that address.
Sender address forgery is a threat to users and companies alike, and it even undermines the e-mail medium as a whole because it erodes people's confidence in its reliability. That is why your bank never sends you information about your account by e-mail and keeps making a point of that fact.
So what's the SPF solution?
Sender Policy Framework (SPF) is an open standard which specifies a mechanism to prevent sender address forgery.
SPF allows the owner of a domain to specify their mail sending policy, e.g. which mail servers they use to send mail from their domain. Then both sender and receiver co-operate to establish if the message complies with this policy.
STEP 1: The domain owner publishes their policies in an SPF record in the domain's DNS zone.
STEP 2: When someone else's mail server receives a message claiming to come from that domain, the receiving server simply checks whether the message complies with the domain's stated policy, and therefore whether it is genuine or fake.
It's as simple as that.
For more info visit the SPF website which is very comprehensive and up-to-date on exactly where the standard is in terms of status/timelines and also who is supporting it.