How to fix e-mail authentication spec
Sender Policy Framework, a specification designed to authenticate e-mail senders and therefore cut down on spam, has one significant flaw -- which a technologist presenting at the MIT Spam Conference 2007 here last Friday aims to fix.
SPF attempts to eliminate spoofing -- or forging the “from” component of an e-mail -- by having senders specify which mail servers they use to send messages from their domain. The server receiving the mail then can check that the server the message came from matches published DNS information, according to the SPF Project.
[ Read more ]