Well, I went ahead and installed the DNS records to support SPF. SPF is a sender validation name thing that allows you to designate, via DNS, what IP addresses may legitimately be sending mail for a particular domain. Apparently SpamAssassin 2.70 will support SPF as well, marking mail that fails the test (IP addresses are designated as OK, bad, or no data) with a higher spam score. Since, in my case, mail from sidhe.org only comes from my server here, I can safely mark the rest of the world as spoofing mail from me.
Will this stop spam? No, of course it won't. Will it slow spam down? Well... I dunno. If some of the domains that are commonly forged (microsoft.com, aol.com, yahoo.com, and hotmail.com) put in SPF records, it'll mean its easier to throw out mail with forged from addresses, at least from there. Since it's easy, a few automatically generated entries in my BIND config files, and harmless, not hurting to have them in, I figure I might as well go and do it. The more people that do, the more chance this thing has to actually be useful.
Posted by Dan at October 3, 2003 05:29 PM | TrackBack (1)perl.org is supporting SPF as well; I think we were even among the very first to do so (I did it during the SPF BOF at OSCON :-) )
Hopefully it'll help a bit; but we'll see in a year or two.
[ask@miette ask]$ host -t txt _smtp_client.perl.org
_smtp_client.perl.org TXT "SPFinclude=spf.develooper.com"
[ask@miette ask]$ host -t txt 1.2.3.4._smtp_client.spf.develooper.com
1.2.3.4._smtp_client.spf.develooper.com TXT "spf=softdeny"
And it looks like SPF is possibly joining and merging with several similar proposed standards. Freeside's doing an amazing job with guiding SPF toward success (an he has amazing patience too).
Posted by: Andrew Sweger at October 3, 2003 07:46 PM