[Baypiggies] Challenge/Response email systems

Paul McNett p at ulmcnett.com
Sat Jun 17 21:07:05 CEST 2006

steve hindle wrote:
> On 6/16/06, Ken Seehart <ken at seehart.com> wrote:
>>  4. Is there anything as bulletproof as CR, but without the problems?  And I
>> am not asking about
>>  better filters (that's just an ongoing battle against better spam).
> I know the 'designated sender' system(s?) were causing a stir a while back...
> I forget the acroynm but I believe it worked by adding DNS records
> indicating which mail servers were 'authorized' to originate mail for
> a particular domain.  I believe AOL was backing/implementing a version
> of it.  Don't know what the outcome was, but I sure someone on the
> list can shed more light on it.

SPF (sender policy framework). http://www.openspf.org/

If every domain would put a SPF record in their DNS, and if every mail 
system would verify and drop mail that was sent from a source that 
didn't match the domain's SPF record, then spoofed mail would be a thing 
of the past.

At which point, C/R systems could actually have a hope of working.

At the moment, my mail server filters hundreds of junk mail per hour. 
But only a handful of the domains where the junk mail is allegedly 
coming from have SPF records set up.

All the big ISP's are tending to have SPF records these days, though.

Paul McNett

More information about the Baypiggies mailing list