|
by Bruno Sousa <bruno/at/linuxfocus.org> About the author: Bruno is a student in Portugal.
He dedicates his spare time to Linux and photography. |
An introduction to SPFAbstract:
SPF stands for Sender Policy Framework and it aims to be an
antiforgery standard to prevent the forging of e-mail addresses. This
article gives a short introduction to SPF, its advantages and
disavantages.
|
SPF was born on the year 2003, his mentor, Meng Weng Wong picked up the best features of Reverse MX and DMP (Designated Mailer Protocol) to bring SPF to life.
SPF uses the return-path (or MAIL FROM) present on the email message header, since all MTAs work with these fields. However there is a new notion proposed by Microsoft: The PRA, which means the Purported Responsible Address. The PRA corresponds to the address of the end-user that a MUA uses (like thunderbird).
So when we put together the SPF and the PRA we can obtain the so-called Sender ID, which allows an user who receives email to perform the check of the MAIL FROM (SPF check) and the PRA check. Somehow it's said that MTAs will check the MAIL FROM and the MUAs will do the PRA check.
Actually SPF needs DNS to work properly. This means that the "reverse MX" records must be published, these records tell what machines send email from a given domain. It is different from the MX records, used nowadays, that specify the machines that receive email for a given domain.
v=spf1 [[pre] type [ext] ] ... [mod]
Parameter | Description | ||||||||||||||||||
v=spf1 | Version of SPF. When using SenderID you might see v=spf2 | ||||||||||||||||||
pre | Defines a return code when a match occurs. The possible values are:
| ||||||||||||||||||
type | Defines the type to use for verification.
The possible values are:
| ||||||||||||||||||
ext | Defines an optional extension to the type. If it is omitted then it is used only a single record type for interrogation. | ||||||||||||||||||
mod | It is the last type directive and acts as a
record modifier.
|
ISPs will have some "trouble" with their roaming users if they are using mechanisms like POP-before-Relay instead of SASL SMTP.
Well, if you are an ISP worried about spam and about forgeries you must consider your politics about email and start using SPF.
Here are some steps you might consider.And with this you are protecting your servers, your clients and the world from spam...
There's a lot of information on the official site of SPF for you, what are you waiting for?
You may think that the implementation about SPF might be somehow confusing. Well indeed it is not complicated, and by the way you have a great wizard that help you out to accomplish your mission (see the references section).
If are you worried about spam then SPF will help you, protecting your domain from forgeries, and all you have to do is to add a text line on your DNS server and configure your email server.
The advantages that SPF brings are big. However, like I said to someone, it is not a difference between the day and the night. The benefits of SPF will come with the time, when others adhere to it.
I have referred the Sender ID and its relation to SPF, but I didn't extend myself on any explanation about it. Probably you know already the reason, the politics of Microsoft is always the same, patents of software. On the references you can see the position of the openspf.org about SenderID.
On a next article we will talk about the configuration of the MTA, see you then.
I hope to give you a short introduction to SPF. If you are interested in learning more about it, just use the references that were used to make this article.
Webpages maintained by the LinuxFocus Editor team
© Bruno Sousa "some rights reserved" see linuxfocus.org/license/ http://www.LinuxFocus.org |
Translation information:
|
2005-01-15, generated by lfparser_pdf version 2.51