Receiver Initiated Authentication: A Practical Method to Authenticate Incoming Email.
Michael G. Kaplan A practical method for authenticating all incoming email is described. Existing SPF records authenticate some email but the requirement of domain administrators to perfectly maintain their SPF records profoundly limits the utility of SPF. A rapidly compiled and near comprehensive Receiver Generated SPF database will ensure almost universal email authentication. This is achieved by bouncing difficult to classify email along with a request to simply resend the bounce. The domain and sending MTA from the now authenticated resent email will be entered into a single shared Receiver Generated SPF database. All future non-forwarded email from this domain sent via this server will be authenticated after consulting this database. Uniquely generated sub-addresses can, as an option, be sent with all outgoing email; forwarded email is in effect authenticated by these sub-addresses thereby rectifying a major flaw with conventional SPF. Email that is clearly spam will be deleted regardless of the presence of these optional sub-addresses. Auto-Resend software, an optional but very useful and trivial to implement upgrade to email clients and mail servers, will transparently resend bounces that correspond to recently sent emails. Nearly all email will be authenticated and spam will be almost completely blocked; users will not have to alter their current behavior almost without exception. more... http://spamfizzle.com/default.aspx _______________________________________________ NetBehaviour mailing list [email protected] http://www.netbehaviour.org/mailman/listinfo/netbehaviour
