On Tue, 20 Nov 2007 22:31:09 +1300 (NZDT) Nick Rout <[EMAIL PROTECTED]> wrote:
> I think you misunderstand email. Why shouldn't I be able to send an email
> with my paradise return address from a server in timbuctoo? I can. And I
> should be able to.
>

All headers bar the last one can be extremely simply faked, so they are pretty useless to use to identify the email's provenance.

Because of this, some ISPs are clamping down on this. The Sender Policy Framework (e.g. http://www.openspf.org/) is an attempt to cut down on spam. This defines where an email has to be sent from to be treated as valid. For example, I've set up the corporate mail as follows:

[EMAIL PROTECTED]:~# dig txt firetrust.com

; <<>> DiG 9.4.1-P1 <<>> txt firetrust.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23367
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;firetrust.com.                 IN      TXT

;; ANSWER SECTION:
firetrust.com.          3600    IN      TXT     "v=spf1 a mx ~all"

says that all valid mail from firetrust.com must originate from our mail server (the DNS a or mx record - same in this case), so all of us send out our mail via that server, authenticating via TLS (the alternative open relay was vetoed for some reason (: ).

This is about the best you, as the sender of email, can do, if you have access to manipulate DNS in this way. It's well flawed, and not that difficult to beat, but it slows down the spammer a bit. It's just a case of attempting to identify you that bit better, as currently 95% of all mail is spam. Used wisely, it can help (for example, when out in the field, you can state that your emails can use Google Mail, or Yahoo, etc...).

Others are providing similar ideas, but SPF seems to be the most popular atm.

Just my $0.02,

Steve

--
Steve Holdoway <[EMAIL PROTECTED]>
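Added example (not part of the original message): a minimal Python evaluator for the record shown in the dig output, handling only the `a`, `mx`, `ip4` and `all` mechanisms and reporting anything else as permerror. The DNS table and its TEST-NET addresses are constructed for illustration, and `check_spf` and `addresses` are hypothetical names.

```python
import ipaddress

# Constructed DNS data (TEST-NET addresses, not the domain's real records).
DNS = {
    "firetrust.com": {
        "txt": "v=spf1 a mx ~all",   # record shown in the dig output above
        "a": ["192.0.2.10"],
        "mx": ["mail.firetrust.com"],
    },
    "mail.firetrust.com": {"a": ["192.0.2.10"]},
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def addresses(mechanism, target):
    """Return the networks an 'a' or 'mx' mechanism authorises."""
    zone = DNS.get(target, {})
    if mechanism == "a":
        hosts = zone.get("a", [])
    elif mechanism == "mx":
        hosts = [ip for mx in zone.get("mx", []) for ip in DNS.get(mx, {}).get("a", [])]
    else:
        hosts = []
    return [ipaddress.ip_network(h) for h in hosts]


def check_spf(domain, client_ip, record=None):
    """Evaluate an SPF record (default: the domain's TXT) for a client IP."""
    record = record or DNS.get(domain, {}).get("txt", "")
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:            # first matching mechanism decides
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        body = term.lstrip("+-~?")
        name, _, arg = body.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name == "ip4":
            nets = [ipaddress.ip_network(arg, strict=False)]
        elif name in ("a", "mx"):
            nets = addresses(name, arg or domain)
        else:
            return "permerror"        # mechanism outside this example's scope
        if any(ip in net for net in nets):
            return QUALIFIERS[qualifier]
    return "neutral"                  # no mechanism matched and no 'all' term
```

With `~all`, a client that is not the listed mail server evaluates to softfail, while the same record ending in `-all` evaluates to fail. A receiving server applies this check to the envelope sender (MAIL FROM) domain and the connecting IP address.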
