Killing spam - SPF

Colin McGregor colinmc151-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org
Wed Apr 21 01:57:46 UTC 2004


"Lance F. Squire" <lance-5ZoueyuiTZhBDgjK7y7TUQ at public.gmane.org> on Tuesday, April 20, 2004 10:09 AM
wrote:

> What's the best/easy spam filter out there right now.
>
> I've heard of Spam Assassin. Is that the one to go with?

While not strictly speaking a spam killing tool I am in the process of
setting up SPF for the domains and mail server I administer. What SPF does
is it asks the question "Is the machine that is attempting to send me
e-mail authorised by the domain holder to send e-mail for the domain they
claim to be sending from?". In other words if you get an e-mail that is
coming from a Roger's IP number but has an AOL from address SPF will assume
it to be bad news and discard it. Or if an e-mail comes from an AOL IP
number, but does not come from a mail server that AOL has authorised to send
e-mail SPF can again assume the e-mail to be bad news and drop it.

SPF is far from perfect as a spam solution in that it only attempts to
verify that a particular e-mail came from a site the domain owner authorises
it to come from (i.e. anyone wanting to run their own mail server from home
had likely best set-up their own domain...). For the foreseeable future a
significant number of sites will not have the authorised mail server list in
their DNS entries to support SPF. Also, some spammers I am sure will have
their own little ISPs with SPF entries so spam will appear legit enough to
pass. Still SPF is useful as it does raise the bar for spammers, making it
much harder to hide where they are actually coming from, and making other
anti-spam tools like blacklisting based on domain name more effective... It
also raises the bar for virus writers who if they want their creations to
spread among Windows boxes will again have to be more open about where the
virus is coming from (making correction and cure easier...). Lastly it also
reduces the value of open relays as a run of the mill mis-configured
Linux/*BSD/virus infected Windows box in a domain that has implemented SPF
cannot send much without being noticed...

Colin McGregor

--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
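
The check described in the message above, as an added example that is not part of the original post: a receiver compares the connecting IP with the sender list the envelope domain publishes. It assumes the record syntax later standardised in RFC 7208 and handles only the `ip4`, `ip6` and `all` mechanisms; the function name, domains and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample data: published SPF TXT records keyed by domain.
# Domains and addresses are reserved documentation values, not real senders.
SPF_RECORDS = {
    "bigisp.example": "v=spf1 ip4:192.0.2.0/28 ip6:2001:db8:25::/48 -all",
    "bulkmail.example": "v=spf1 ip4:203.0.113.0/24 -all",
    "cautious.example": "v=spf1 ip4:198.51.100.10 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, mail_from_domain, records=SPF_RECORDS):
    """Return the SPF result for a connecting IP and an envelope sender domain."""
    terms = (records.get(mail_from_domain.lower()) or "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # domain publishes no policy, so nothing can be concluded
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]  # catch-all for unlisted senders
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            # An ip4 term never matches an IPv6 client and vice versa.
            if net.version == ip.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        # a, mx, include and similar need live DNS lookups; not evaluated here.
        raise NotImplementedError(f"mechanism {name!r} needs DNS")
    return "neutral"  # no mechanism matched and the record has no "all" term


if __name__ == "__main__":
    for ip, dom in [("192.0.2.5", "bigisp.example"),      # authorised server
                    ("192.0.2.200", "bigisp.example"),    # same ISP, not a mail server
                    ("203.0.113.9", "bigisp.example"),    # another network entirely
                    ("203.0.113.9", "bulkmail.example"),  # bulk sender's own domain
                    ("192.0.2.5", "nospf.example")]:      # no record published
        print(f"{ip:15} {dom:18} {check_spf(ip, dom)}")
```

The `bulkmail.example` row passes and the `nospf.example` row returns `none`, which are the two limits the message names: a sender with its own domain and record is authorised, and a domain without a record gives the receiver nothing to check.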




