Posted: 10th Jan, 2004 By: MarkJ
ISP AOL is reported to have trialled the 'Senders Permitted From' (SPF) method of validating legitimate e-mails for a period of 24 hours before stopping to asses the data. SPF can help to validate legitimate e-mails, which is good when a large percentage of SPAM is from faked senders:
SMTP has a security hole: any connecting client can assert any sender address. This flaw has been exploited by spammers to forge mail. Close the hole, and we can easily block spammers by sender domain.
SPF closes this loophole. SFP is primarily an anti-forgery effort. Any benefits in the area of reduced spam, worms, viruses, etc are pleasant side-effects. That said, if SPF causes spammers to send mail from their own domains, we'll be better able to identify and block those domains.The technology may be a little confusing to those not familiar with it. More @
Slashdot &
Senders Permitted From. Thanks for Philip for forwarding this news on.