----- Original Message -----
From: "Pavel A. Zavyalov" <motto(_at_)yandex-team(_dot_)ru>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Monday, December 06, 2004 7:38 PM
Subject: Re: [spf-discuss] FairUCE
Stephane Bortzmeyer said the following on 05.12.2004 20:20:
Yet another miracle solution against spam, this time from IBM:
http://www.alphaworks.ibm.com/tech/fairuce
http://www.alphaworks.ibm.com/aw.nsf/FAQs/fairuce
_FairUCE only sends a challenge when the mail appears to be spoofed_
Oh, no! :(
Not a lot of technical details, unfortunately. It looks like they are
doing SPF without the actual SPF record, just by guessing what the SPF
record could be.
Quote :-
FairUCE (which stands for "Fair use of Unsolicited Commercial Email") is a
spam filter that stops spam by using verification of sender identity instead
of content filtering.
[......]
How does it work?
Technically, FairUCE tries to find a relationship between the envelope
sender's domain and the IP address of the client delivering the mail, using
a series of cached DNS look-ups. For the vast majority of legitimate mail,
from AOL to mailing lists to vanity domains, this is a snap. If such a
relationship cannot be found, FairUCE attempts to find one by sending a
user-customizable challenge/response. This alone catches 80% of UCE and very
rarely challenges legitimate mail. A future version will incorporate Sender
Policy Framework (SPF) or similar sender identification systems; SPF-enabled
domains will not require a challenge. Challenges are sent using a dedicated
queue with a short lifetime so it does not get bogged down or interfere with
legitimate mail.
UnQuote
Slainte,
JohnP.
johnp(_at_)idimo(_dot_)com
ICQ 313355492