A full description is here...
http://spf.pobox.com/
The basic idea is this. Each domain owner publishes a record in DNS indicating which servers are allowed to
send email "from" that domain. When an email comes in, and it says it's from "aol.com" you check the spf record for aol.com.
The computer on the other end of the line had better be listed in the spf record, or it's a spoofed from field and is
probably being sent by some compromised box run by a spammer from Thailand. Hence we would throw it away.
I mention AOL, because aol has started publishing spf records, so that should greatly reduce the quantity of spam
getting through the filters if we check for spf, as anything with a forged aol "from" field will be tossed. This is starting
to become a bit of a standard as well, so it might be wise to support it before too long.
-Tyler
On Feb 8, 2004, at 5:38 PM, Serge Knystautas wrote:
tyler wrote:Now one more question. Does James support SPF (Sender permitted from)
and if not, is there currently a plan to support it? If so, how do you turn it on?
I might know it by a different term, but can you describe SPF a bit? If you mean sender permitted based on the From email address, that is very spoofable unless you've got S/MIME signed messages. No server should really be allowing any message relayed just because it has From: [EMAIL PROTECTED]
-- Serge Knystautas President Lokitech >>> software . strategy . design >> http://www.lokitech.com p. 301.656.5501 e. [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
