Channel News and Analysis - Channel Insider
Empowering the next generation Channel
 
Bull’s Eye Awards
Nominations Open for Channel Insider 2009 Bull’s Eye Awards
Nominations are now open for the Channel Insider 2009 Bull’s Eye Awards, which recognize excellence in customer service, technology prowess, business acumen, channel leadership, communications and community building, and innovation among vendors, solution providers, distributors and channel services companies.



Sponsored Links
  • SonicWALL breaks through network and email gridlock
  • Save up to 40% on calling costs with Avaya Aura™
  • HP PartnerONE | SolutionsINFINITE Visit us at hp.com/partners/us/go/4


    		•  

    SPF Group, Microsoft Work to Converge Anti-Spam Efforts

    in Channel News and Analysis
    DATE: 2004-05-25 | By Larry Seltzer


    Article Rating:starstarstarstarstar / 0
    Article Views: 1191

    Rate This Article:
    Poor Best
    Add This Article To:
    "The New SPF" modifies SMTP mail protocol to combine benefits of old SPF spec and Microsoft's Caller-ID.

    The author of the Sender Policy Framework (SPF) specification has announced a proposal to converge the specification with aspects of Microsoft Corp.'s Caller-ID spec. Microsoft is expected to follow up with its own announcement soon.

    SPF and Caller-ID are two of the more prominent efforts to introduce authentication to the SMTP protocol, filling in holes exploited by spammers to avoid detection. The two approaches have different benefits and limitations.

    Meng Weng Wong, author of the SPF specification, explains the high points of the convergence plan on his Web site. SPF focuses on the SMTP "envelope," the portion of an e-mail message that precedes all the headers and contents, while Caller-ID focuses on the headers.

    Resource Library:

    SPF can reject messages in which the sender specified in the envelope doesn't match a list of mail servers authorized by the sending domain. Caller-ID also checks a list of authorized servers, but based on the mail headers. Each approach stops different types of mail problems, and SPF also has the advantage of being able to reject a message without having to accept the contents from the sending server.

    The "new SPF" as Wong calls it would add a new "RFROM" parameter to the SMTP SEND command specifying the "purported responsible sender," which specifies an e-mail address responsible for the transmission of the message. Mail headers contain many addresses, and the responsible one can differ depending on a number of common circumstances, such as messages forwarded from another address and messages sent by a mailing list server.

    The existence of the RFROM parameter would allow new SPF servers to confirm that the address seen by the user as the sender of the message is not spoofed. The old SPF lacks this basic defense against "phishing" attacks.

    How this convergence will be received by MARID, the IETF standards body currently working on an authorization standard, is unclear, as are possibilities for incorporating aspects of other proposals, such as Yahoo's Domain Keys.

    Check out eWEEK.com's Security Center at http://security.eweek.com for the latest security news, reviews and analysis.

    Be sure to add our eWEEK.com developer and Web services news feed to your RSS newsreader or My Yahoo page



    Discuss SPF Group, Microsoft Work to Converge Anti-Spam Efforts
     
    >>> Be the FIRST to comment on this article!
     

     
     
    >>> More Channel News and Analysis Articles          >>> More By Larry Seltzer
     



    		 

    Related Content

    Articles Labs/How-To Multimedia


    [ci] feeds
    XML
    Add Channel News, Product Reviews, Trends and Analysis to your RSS newsreader or My Yahoo!

    HTML PLAIN TEXT

    Keep on top of news for VARs and Resellers with CI's Weekly Newsletter and Alerts.

     

    CHANNEL RESOURCE CENTER
     
     
    How to Unleash Application Performance with Solid-State Drives and Sun Servers
    Unleash the Beast! Learn from Sun and Intel experts how Sun servers equipped with Flash-enabled solid-state drives offer dramatic improvements to HPC, Web 2.0, and data center application performance Watch this video to learn more
    Watch Video
     
    Build A More Efficient Data Center
    Demands are growing but budgets are not. Solve your pressing IT issues using the resources you already have. Determine which technologies can help you drive efficiencies and how they are applied. Gain a quick ROI on new initiatives
    Find out how
    Easily Monitor Virtual, Physical, and Cloud based assets, applications and services from a unified Dashboard with up.time. Deep Monitoring across platforms and best-of-breed reporting. Over 700 enterprise customers in 32 countries.
    Read Article