SPF
(Sender Permitted From)
is a new mechanism which allows you to define
what ip addresses are permitted to send mail 'from' your domain,
this will stop spammers from pretending to send message from
your domain.
Why/How will SPF stop spam?
There
are two types of spam, legitimate businesses sending email from
real domains to people who haven't asked for it, this type of
spam is annoying, but trivial to filter with simple rules and
RBL databases. And most businesses are learning not to do this
as they rapidly find themselves cut off from the customers they
do want to talk to. This type of spam will continue but at a
relatively lower level, it isn't really a problem.
The
second type of spam is the problem, it's sent by people who use
fake 'from' addresses and domains, via multiple ip addresses and
virus mail slaves, meaning each email comes from a new ip
address, each email is written specifically to evade the
filters, and new variants are written each day. These mails are
more or less impossible to filter. However, this second set is
trivial to block with SPF!!! So once most domains have added SPF
records most spam sent by these rogue people will bounce, at
which point they will stop bothering, they aren't doing it for
fun or to annoy, they do it to make money, and stopping delivery
makes it pointless for them.
Once
people cotton on that this stops spam, they will insist on SPF
records, a few domains that insist on it will force everyone
else to add SPF records rapidly. So basically if you want to be
able to send email from your domain in 3 months time, you will
need an SPF record, so better to add it now before you have to
do it in a rush! Also domains that are slow adding SPF records
will be used by the spammers as a preferred 'from' address,
trust me you don't want this to happen, it means 'you' get
abused by all the people receiving the spam, and your domain
gets shut down even though you haven't actually done anything
wrong. The moral of the story, add your SPF record as soon as
you can, if your DNS service doesn't support it, change to a new
DNS service. |