spf-discuss
[Top] [All Lists]

Re: Welcome new subscribers. I have a dream.

2004-01-12 01:11:35
Excellent message. There is a good balance there between what it can absolutely do now and what the long-term vision may hold.

Here are a couple things I might add.


--Meng Weng Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> wrote:
                              What is SPF?

SPF is an anti-forgery mechanism.  Initially, it will be most useful for
combating joe-jobs.  That is the main reason many people are publishing
records: they don't want to be joe-jobbed.  In the long term, it is
meant to help solve the spam problem by strengthening other tools that
attack spam more directly.

SPF protects you against joe-jobs (such as messages from joe(_at_)aol(_dot_)com that joe didn't really send). SPF can also cut down on misdirected abuse reports (such as spam from wxyz19845(_at_)altavista(_dot_)com which causes bounces and complaints to the admin of the forged site).



The goals of SPF + reputation systems are, in order of increasing scope:

1) stop joe-jobs, worms, and viruses
2) enable better spam vs ham decision making, by encouraging
   blacklisting on the basis of domains, not IP addresses.
   (IP blacklists tar too many senders with the same brush.
    RHSBLs are more elegant, but need sender verification to work.)
3) reduce false positives from good senders who publish SPF
4) make spammers more accountable, having to use their own domains.
5) make spam a losing proposition so spammers eventually give up.
6) after winning the war, to fade into invisibility.
   (Like any good immune system, SPF should work in the background.)

These goals may take some time to achieve, but we will get there.


Here are some benefits to add:

Decrease cost of fighting spam by reducing misdirected abuse reports

Add value to "white lists" and "bonded sender" systems

Protect users from scams like "paypal needs you to confirm your credit card and password, click here" (falls under joe-job but may be important enough for its own line)




--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡