Sender Policy Framework (SPF) Helps Stop Spam & Phishing

Filed in by Kirk Averett | March 3, 2005 9:35 am

Spammers, like everyone else who sends email, have to send their email out using a computer that knows how to act as an email server. You and I use the outgoing (SMTP) mail server of our email provider[1] or our local Internet Service Provider (ISP). But ISP.s and email providers block bulk mailings so spammers have to find vulnerable computers on the Internet to hijack and use to forward their spam while using fake .From. addresses inside the email message to hide their real identities.
How it works
SPF[2] can help with this in a big way because it helps to filter out the fake .From. addresses. SPF just means that an ISP has taken the time to add a few (easy) lines to their DNS[3] servers that clearly state: .This is a list of Internet addresses on my system who are allowed to send email for this group of email addresses..
So.if I get a message claiming to be from joebob4billion@aol.com, my anti-spam service can ask AOL if the computer that sent that message really is authorized to send email for AOL. If AOL says yes, then I continue on with my anti-spam checks.
But if AOL says no, then this email message is very likely to be a spam email or a phishing email.
Raising the bar
As with all forms of security when SPF gains major acceptance spammers will find a way to respond. They will work harder and be creative to find another way to accomplish their ends.
But for a little while the SPF bar will make a dent in their ability to send unsolicited email. The hope is that someday the bar will be high enough and cost enough that spammers can’t make a profit selling the things they do now.
-Kirk

Endnotes:
  1. email provider: http://www.webmail.us
  2. SPF: http://spf.pobox.com
  3. DNS: http://en.wikipedia.org/wiki/DNS

Source URL: http://www.rackspace.com/blog/sender-policy-framework-spf-helps-stop-spam-phishing/