SPF: Sender Permitted From/Sender Policy Framework



aidtopia
03-21-2004, 08:20 AM
Does anyone know if we can set up SPF records for our domains hosted on Westhost?

SPF is a relatively simple standard proposed for cutting down on spam by verifying that email actually came from a server authorized by the domain. For example, spammers are sending junk that claims to be from my domain. If I had an SPF record, then receiving servers could see that these fake messages weren't sent by a server from my domain and dump them.

Since most of this spam is directed at AOL addresses and since AOL is doing a pilot SPF test, this seems like a perfect opportunity to stop some of the abuse.

I've read about SPF on http://spf.pobox.com/, but the explanation of how to set up an SPF record assumed more knowledge than I have about DNS, MX records, etc.

SJP
03-21-2004, 10:47 AM
A comma snuck into the link for SPF. Interesting. I'll read up on it, but first I thought of another SPAM reduction/elimination technique. I don't have a SPAM problem on my web-site. Of course my personal e-mail is a different story. Every time I receive a SPAM that looks familiar I look at the header and I've noticed in three cases supposedly sent by three different people (forged no doubt) that the XML-Context header is the same. Here's a typical header field:

XML-Context: <ZGlja3NvbkBpbnRlcmlzbGFuZC5uZXQ=>

Kind of odd don't you think that such a long, convoluted id would be the same? I mean what are the chances of randomly selecting the same one? 1 in several trillion?

Other than that each message is slightly different (text color). This reminds me of the way Yahoo! handles sending multiple copies (address list) except in that case the MIME boundary was the same. Instead of sending out one copy it sends a separate copy for each one. This is very different from the PC or any other mailer for that matter. So anyways that got me to suspect the reason they were not regenerating the e-mail each time and instead were using the same one was to cut down processing time. If they were regenerating the message the boundary would be different. I don't really know what XML is good for, but I read its purpose is to aid the publishing industry of which SPAM hosts fall into, because they are sending out millions of copies of the same document. So here's the idea. A procmail filter or better yet a system wide filter that all e-mail regardless of who it is destined for keeps a copy of the boundary and XML-Context fields. When another e-mail that has identical fields is received it is flat out dropped. That way at most one SPAM is delivered and the duplicates are not. Not perfect, but then neither is SPF I suspect. The net effect could be to make it more expensive to send SPAM, because each copy would have to be uniquely generated which would severely curb the number of SPAM sent and most importantly cut into the profitability of doing so. Just a preliminary thought. I hope some of you can make sense out of this. I'm not the greatest at translating my experiences into words.

SJP
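The duplicate-dropping filter proposed in the post above, sketched in Python as an added example (it is not code from the thread, and it is not a procmail recipe). The messages, addresses, boundaries and XML-Context values are constructed; mail that carries neither field is always delivered, since otherwise every plain message would share one empty fingerprint.

```python
import email
import hashlib

def fingerprint(raw_message):
    """Hash the MIME boundary plus XML-Context header; None if both are absent."""
    msg = email.message_from_string(raw_message)
    boundary = msg.get_boundary() or ""
    context = (msg.get("XML-Context") or "").strip()
    if not boundary and not context:
        return None  # nothing to compare on, so never call this a duplicate
    return hashlib.sha256(f"{boundary}\n{context}".encode()).hexdigest()

class DuplicateFilter:
    """System-wide filter: deliver the first copy of a fingerprint, drop repeats."""
    def __init__(self):
        self.seen = set()  # a real deployment would expire old entries

    def accept(self, raw_message):
        fp = fingerprint(raw_message)
        if fp is None:
            return True
        if fp in self.seen:
            return False
        self.seen.add(fp)
        return True

def make(sender, boundary, context, colour):
    """Build a constructed multipart message for the demonstration."""
    return (f"From: {sender}\n"
            f"XML-Context: <{context}>\n"
            f'Content-Type: multipart/alternative; boundary="{boundary}"\n\n'
            f"--{boundary}\nContent-Type: text/html\n\n"
            f"<font color={colour}>offer</font>\n--{boundary}--\n")

PLAIN = "From: friend@four.example\nSubject: lunch\n\nSee you at noon.\n"
SAMPLE = [
    make("a@one.example", "bnd-0001", "Y29uc3RydWN0ZWQ=", "red"),
    make("b@two.example", "bnd-0001", "Y29uc3RydWN0ZWQ=", "blue"),  # same fields
    make("c@three.example", "bnd-0002", "b3RoZXI=", "red"),
    PLAIN,
    PLAIN,  # identical plain mail is still delivered: no fields to match on
]

def run(messages):
    flt = DuplicateFilter()
    return [flt.accept(m) for m in messages]

if __name__ == "__main__":
    for verdict in run(SAMPLE):
        print("deliver" if verdict else "drop")
```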

SJP
03-21-2004, 02:58 PM
So I read up on SPF and it looks like a big step in stemming the tide. However, it is not clear to me that any WH clients need to take action since the e-mail servers reside in their domain. Rather it looks like they're the ones that need to make changes to support it since the way things work our domains are really a subdomain of theirs. When I send e-mail to myself the Return-Path (sender envelope) reads: sanjuanpersonals@westhost38.westhost.net. The domain is whatever follows the @. I think one of the goals of SPF is to keep overhead to a minimum. Querying the DNS server twice per e-mail message as the case would be sounds a bit excessive. You could probably do something locally to ensure the sending IP and domain agree (using procmail), but would be after the fact since SPF-enabled machines can make the determination e-mail is valid by examining the header only. WH implementing SPF would be in their best interest, because they are the front-line for all SPAM and could save considerably on wasted bandwidth, disk usage, and other resources. Further the SPF way of doing things is much more direct. Interestingly SPF also stands for "Shortest Path First" (a gateway protocol) and that philosophy applies here too, because the best way to avoid a problem is to prevent it from becoming one. I don't know if you see the parallel here - both address efficiency.

SJP

aidtopia
04-11-2004, 09:11 AM
The Return-Path on my emails is my actual address at my domain, not some westhost server. So it seems I would need an SPF record for my domain.
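How a receiving server decides which domain's SPF record applies, as an added example that is not part of the thread: the domain after the @ in the Return-Path is looked up, so a shared-host envelope address and a customer-domain address are checked against different records. The zone contents, domain names and IP addresses are constructed (documentation ranges), and only the `ip4`, `include` and `all` mechanisms are handled, with `include` simplified to "matches when the included record passes".

```python
import ipaddress

# Constructed TXT records standing in for DNS lookups.
ZONE = {
    "host38.shared-host.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "customer.example": "v=spf1 include:host38.shared-host.example -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def envelope_domain(return_path):
    """SPF is evaluated on whatever follows the @ of the envelope sender."""
    return return_path.strip("<>").rpartition("@")[2].lower()

def check_host(ip, domain, zone=ZONE, depth=0):
    """Evaluate a domain's SPF record against the connecting IP address."""
    terms = zone.get(domain.lower(), "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"       # the domain publishes no SPF policy
    if depth > 10:
        return "permerror"  # guard against include loops
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name == "ip4" and addr in ipaddress.ip_network(arg, strict=False):
            return QUALIFIERS[qualifier]
        if name == "include" and check_host(ip, arg, zone, depth + 1) == "pass":
            return QUALIFIERS[qualifier]
    return "neutral"        # nothing matched and the record has no "all"

if __name__ == "__main__":
    cases = [
        ("192.0.2.25", "<owner@customer.example>"),            # host's own server
        ("203.0.113.9", "<owner@customer.example>"),           # forged elsewhere
        ("192.0.2.25", "account@host38.shared-host.example"),  # host envelope
        ("203.0.113.9", "someone@norecord.example"),           # no record published
    ]
    for ip, rp in cases:
        print(ip, rp, "->", check_host(ip, envelope_domain(rp)))
```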

SJP
04-11-2004, 01:49 PM
"The Return-Path on my emails is my actual address at my domain, not some westhost server."

Do you have a dedicated server or is this another difference between 1.0 and 2.0?

SJP

FZ
04-11-2004, 02:57 PM
It's a 2.0 feature, SJP...

aidtopia
04-14-2004, 07:44 AM
No, I'm still a 1.0 site. No clue when Westhost will get around to converting me.