lawless Posted May 26, 2004

I've been paying attention lately to the SPF (Sender Policy Framework / Sender Permitted From) initiative. It's an excellent initiative and looks likely to be adopted. However, it will be at least a year before it will be of much practical use, even if the world at large embraces it. I won't explain how SPF works here. Please see http://spf.pobox.com for a full explanation. The following assumes the reader is familiar with the basics of SPF.

It just occurred to me that the SpamCop webmail system could, with relative ease, adopt an SPF-like filtering capability quickly. I'm finding that despite the SCBL and SpamAssassin, much spam still sneaks through. SpamAssassin 2.70 (SA270) will support SPF (webmail currently uses version 2.63). 99% of the "escaped" spam I see would fail an SPF-like filter test.

I'm hoping that JT would consider implementing an SPF-like filter capability for the webmail system in advance of the SA270 implementation. The SA270 implementation will benefit from (or perhaps even demand something like) this, so the effort would not be wasted.

The suggestion is to have either SC or SC-webmail add a header that contains the transfer relay domain as determined by the first (or gateway) mailhost matched from each user's mailhost list. I suggest something along the lines of "X-SC-Transfer-Domain:". The gateway mailhost is trusted and so any reverse-DNS information provided by it in the "Received: from" header presumably can also be trusted. This relay nominally should be the outbound relay of most valid senders' traffic.

To complete the enchantment, the webmail system would be modified to allow e-mail with a mismatched "Return-Path:" (i.e. "envelope sender") and "X-SC-Transfer-Domain:" to be held in a quasi-SPF "purgatory" webmailbox. This mailbox would be separate from the current "held" mailbox because the quasi-SPF filtering mechanism would fail for some valid e-mail. The quantity of mail appearing in SPF purgatory will be small, and will have a relatively high probability of being from a valid sender--thus suggesting a closer and more careful review process.

The key element to understand for those inclined to comment is that SPF revolves around the "envelope sender" indicated by the SMTP "MAIL FROM:" protocol handshake rather than the "From:" header embedded in most messages. Please try to grasp what this is before commenting. See RFC 2821 http://www.apps.ietf.org/rfc/rfc2821.html.
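The filter proposed in the post above, sketched as an added example (not code from the post or from SpamCop). Assumptions: the mailhost names are hypothetical, "match" means the relay's reverse-DNS name equals or is a subdomain of the Return-Path domain, and mail with a null envelope sender is delivered normally.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Matches the common "from HELO (RDNS [IP]) by HOST" layout; other MTAs differ.
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\((?P<rdns>[\w.-]+)\s+\[[^\]]+\]\)\s+by\s+(?P<by>[\w.-]+)",
    re.I)

MAILHOSTS = {"mx.webmail.example", "store.webmail.example"}  # hypothetical names

def transfer_domain(msg, mailhosts):
    """Reverse-DNS name of the relay that handed the mail to a trusted mailhost.

    Headers are scanned newest first, so Received lines forged by the sender
    (which always sit below the real gateway's line) are never reached.
    """
    for hdr in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(hdr.split()))  # undo header folding
        if m and m["by"].lower() in mailhosts \
                and m["rdns"].lower() not in mailhosts:
            return m["rdns"].lower()
    return None

def envelope_domain(msg):
    """Domain of the envelope sender in Return-Path ('' for bounces, '<>')."""
    addr = parseaddr(msg.get("Return-Path", ""))[1]
    return addr.rpartition("@")[2].lower()

def classify(raw, mailhosts):
    """Return 'inbox' or 'purgatory' for one raw message."""
    msg = message_from_string(raw)
    relay, sender = transfer_domain(msg, mailhosts), envelope_domain(msg)
    if not sender or relay is None:
        return "inbox"      # assumption: nothing to compare, deliver normally
    if relay == sender or relay.endswith("." + sender):
        return "inbox"
    return "purgatory"

def sample(return_path, rdns, ip):
    """Constructed test message: one gateway hop plus one internal hop."""
    return (f"Return-Path: {return_path}\n"
            "Received: from mx.webmail.example (mx.webmail.example [10.0.0.1])\n"
            "\tby store.webmail.example with ESMTP; Wed, 26 May 2004 10:00:01 -0400\n"
            f"Received: from helo.invalid ({rdns} [{ip}])\n"
            "\tby mx.webmail.example with ESMTP; Wed, 26 May 2004 10:00:00 -0400\n"
            "From: someone@example.org\nSubject: test\n\nbody\n")

if __name__ == "__main__":
    print(classify(sample("<bob@example.org>", "dsl-7.isp.example", "203.0.113.7"),
                   MAILHOSTS))
```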