EmailUniverse.com   Email Newsletter Publishing Strategies  
Search In Epub
 
   
   

  » Ezine-Tips
  » List-News
  » List-Lingo
  » Epub
  » Submit Articles
  » Submit Ezines
  » Ezine Awards
  » Manage
      Subscriptions

   
  Ezine-Tips
  List-News


  » Home
  » About
  » Affiliates
  » Advertise
  » Subscribe
  » Contact
  » Privacy
  » Site Map

Got an Ezine Marketing
or Email Newsletter
Question?
AskChrisKnight.com

 

EPUB Archives

[Thread Prev][Thread Next][Thread]
[epub] RE: Clarification please, John Glube 
Wonder Wyant wrote on April 5, 2005 2:23 PM  

|* Publish an SPF policy record for your domain, as the
|larger ISPs like AOL are using SPF record checking to
|verify the email source for bulk mail. To avoid problems
|with message forwarding, end the record with ~ all.
|
|I'm sorry but I don't really know what this SPF policy
|record is.  Could someone please enlighten me?

SPF stands for Sender Policy Framework. 

A sender publishes a list of the IP addresses of mail
servers authorized to send mail on his, her or its behalf.

The idea was that by publishing this list, the sender would
identify which, if any mail servers are authorized to send
mail containing the sender's domain in the SMTP mail from
or return path.

In turn, receivers could check this information when
receiving mail and determine whether the "sender" was
authorized to use the domain in the SMTP Mail From or
return path.

SMTP Mail From is a command sent by the sending mail server
to the receiving mail server at the time of mail transfer.
The command announces the path which the receiving mail
server can use to send "bounce messages."

Since those sending UCE often use other people's domains
without permission, it was felt this approach would help to
prevent unauthorized use of people's domains. This is
called domain spoofing.

Receivers could check the sender's SPF record. If the
sending mail server was authorized to send mail with the
sender's domain in the SMTP Mail From, this could be used
to identify the mail source. On the other hand, if the
sending mail server was not authorized to send the mail,
the receiving mail server could feel safe to reject the
message.

At least this was the theory. In practice, SPF has a number
of flaws:

* It breaks mail forwarding, which can be a significant
issue for Internet access services offering mail services
to end users.

I send mail to foo@xxxxxxxxxxx, but the message is sent to
forward@xxxxxxxxxxxx The receiving server runs a check and
finds that foo@xxxxxxxxxxx is not authorized to send mail
containing my domain in the SMTP Mail From command. The
result? The message is bounced.

* It does nothing to help identify the sender's reputation,
but simply the source.

* For micro business owners using shared servers and
accessing the Internet through ADSL or cable by way of a
dynamic IP address it can be a pain, because you have to
identify all of the access routes in your record. 

To provide a proper record, you have to identify all the
different ways you can send mail. Your ISP provides you
with an IP address which is changing. Then there is mail
forwarding.

To deal with these issues, it means you have to identify a
large block of IP's and end your record with ~ all. 

~ all simply means I think this is all the ways mail can be
sent using my domain, but I am not absolutely sure.

For those running their bulk mail through an outbound mail
server, SPF works after a limited fashion. 

After some testing, AOL and some other ISPs have decided
they can use an SPF record check as an aid in confirming
the identity of a stream of bulk mail. 

This check can then assist in determining  whether a
particular mail stream is white listed or black listed,
based on their own reputation analysis.

In addition, the folks at SpamAssassin have noted that
checking SPF records, because of the issues with mail
forwarding and the like, can result in a significant false
positive rate.

What is of interest, is that:

* The use AOL and others are making of SPF records is
better served by a proposal known as CSV or Certified
Server Validation.

* The SPF community believes their protocol, if implemented
can solve the problem of "unwanted e-mail."

Unfortunately, from a technical perspective, SPF is a hack. 

But, for marketers, the whole process has been an
interesting exercise in how to promote an idea.

The way to bring online abuse under control? Through
network security, backed up by strong enforcement, so that
ISPs stop being arms merchants. 

E-mail authentication, content filtering and block listing
are all useful. But, in reality they are simply band aids.

For links to the SPF protocol, a wizard to create your own
record, (including an SPF record for authentication as
requested by Microsoft) along with additional reading
material as to why e-mail authentication, review the
article found in my signature line.

Trusting this helps.

John Glube
Toronto, Canada

Are You Ready To Make Email Work For You?
http://www.learnsteps4profit.com/emgr.html
[Thread Prev][Thread Next][Thread]

Thread Index




© EmailUniverse.com - All Rights Reserved Worldwide - Ezine Publishing Secrets (Coming Soon)