-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thursday 10 June 2004 11:14 am, Stuart D. Gathman wrote:
Virii lie about who sent them. It only annoys innocent bystanders to
send this kind of message. At the very least, send such messages as MAIL
FROM: <> or MAIL FROM: <postmaster(_at_)tfeurope(_dot_)com>. That way, I can
automatically discard them when they reference messages our mail servers
did not send.
Also, do yourself a favor and look at SPF:
http://spf.pobox.com
You can help prevent the same thing happening to you by publishing SPF
records. And you can avoid annoying as many innocent bystanders by
checking SPF records for mail that you receive.
How about this:
Your email server sent a bounce message to my server. Since I did not send a
message to your server, this is considered unsolicited mail or spam.
Attached is the message I received.
I would normally discard such bounce messages as I receive about X a day. I
want to introduce to you SPF and how it can solve this particular problem,
however.
I have described what servers are allowed to send email for my domain via my
SPF records published via DNS. (Try querying DNS for TXT records for the
domain X.com) The server that sent you this email was not one of them.
I would encourage you to configure your mail servers to check SPF records.
Configuring your servers is easy. Software for all major email servers is
readily available, including sendmail, postfix, Exim, and Microsoft
Exchange Server.
Publishing SPF records is also quite easy. There is a tool at
http://spf.pobox.com/wizard.html that will help you determine what record
to publish.
Over 19,000 domains have published SPF records. Some notables include:
- Amazon.com
- AOL.com
- blah blah blah
You may find it important to note that AOL will only whitelist domains that
publish SPF records. If you do not publish SPF records by the end of the
summer of 2004, then your email may not be received by AOL. AOL has X
million subscribers which represent about Y% of the total number of
internet users. Many other domains are going to enact a similar policy.
More information on SPF can be found at http://spf.pobox.com/. If you have
any questions you can email me or the SPF help list at
subscribe-spf-help(_at_)v2(_dot_)listbox(_dot_)com(_dot_)
- --
Jonathan M. Gardner
Mass Mail Systems Developer, Amazon.com
jonagard(_at_)amazon(_dot_)com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFAyKrIBFeYcclU5Q0RAhGAAKDVYnbFfnEe22I3NFxUE/JPPvo8YACfQUak
QbCCWIMrNkL6WJNEocfim04=
=XwRw
-----END PGP SIGNATURE-----