SPF Group, Microsoft Work to Converge Anti-Spam EffortsBy Larry Seltzer | Posted 2004-05-25 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
"The New SPF" modifies SMTP mail protocol to combine benefits of old SPF spec and Microsoft's Caller-ID.The author of the Sender Policy Framework (SPF) specification has announced a proposal to converge the specification with aspects of Microsoft Corp.'s Caller-ID spec. Microsoft is expected to follow up with its own announcement soon.
SPF and Caller-ID are two of the more prominent efforts to introduce authentication to the SMTP protocol, filling in holes exploited by spammers to avoid detection. The two approaches have different benefits and limitations.
The "new SPF" as Wong calls it would add a new "RFROM" parameter to the SMTP SEND command specifying the "purported responsible sender," which specifies an e-mail address responsible for the transmission of the message. Mail headers contain many addresses, and the responsible one can differ depending on a number of common circumstances, such as messages forwarded from another address and messages sent by a mailing list server.
The existence of the RFROM parameter would allow new SPF servers to confirm that the address seen by the user as the sender of the message is not spoofed. The old SPF lacks this basic defense against "phishing" attacks.
How this convergence will be received by MARID, the IETF standards body currently working on an authorization standard, is unclear, as are possibilities for incorporating aspects of other proposals, such as Yahoo's Domain Keys.