What if everyone used SPF?

To end my SPF series, I’m going to consider the following question: what if everyone used SPF? Would it “end” spam?

The answer is, of course, “no, but…”. But, first, let’s understand the question itself.

In “everyone used”, what does “used” mean? If you followed my previous posts on this subject, you’ll know that there are two distinct parts: having an SPF record for your domain, and configuring your SMTP server to reject email purporting to be from an address with a valid SPF record, when it doesn’t come from an authorized server.

Let’s assume that the question implies both.

So, if every legit organization had an SPF record and enforced SPF in their incoming email servers, what would it mean?

It still depends on what was meant by “enforced”. For instance, as it is now, it makes sense to use an SPF record (and reject mail coming from an unauthorized server, as I mentioned before), but not to require an SPF record, as most of the world is still not using it.

If that changed, though… it would certainly make things a lot easier for the “good guys”. Think about it: what does SPF prevent? The faking of sender addresses. Who ever does that? Spammers. Therefore, who ever has a reason not to use an SPF record? Spammers. In a world where every legitimate organization used SPF, having such a record wouldn’t mean that the sender wasn’t a spammer, but not having one would certainly mean that he was. Ergo, reject any mail from a domain without an SPF record, even before verifying whether the origin server is authorized for that domain.

Of course, spammers would adapt, and have SPF records for their own domains. But never again would they be able to fake a sender address. They would never again be able to efficiently pretend to be your internet provider, or your bank, or Facebook, or anything like that. They would have to use their own domains in the sender address… and they don’t exactly tend to look “nice”; besides, they’re not what your ISP or your bank would use.

A world with SPF would mean a world where you could actually trust the “From:” field. Can you imagine such a thing?
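The receiving-side policy described above, as an added sketch that is not code from the original post: it contrasts today's rule (check SPF only when a record exists) with the hypothetical rule (no record means reject). The domains, addresses and TXT data are constructed, the function names are hypothetical, and only the `ip4`, `ip6` and `all` mechanisms are evaluated, against the envelope sender given at MAIL FROM.

```python
import ipaddress

# Constructed sample DNS TXT data (documentation domains and address ranges).
TXT = {
    "bank.example": ["v=spf1 ip4:192.0.2.0/24 -all"],
    "spammer.example": ["v=spf1 ip4:203.0.113.7 -all"],
    "legacy.example": ["some unrelated txt record"],
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_record(domain):
    """Return the domain's SPF record, or None if it publishes none.
    More than one record is an error in SPF; treated as unusable here."""
    found = [t for t in TXT.get(domain.lower(), [])
             if t.lower().split()[:1] == ["v=spf1"]]
    return found[0] if len(found) == 1 else None

def check_spf(record, client_ip):
    """Evaluate terms left to right; the first match decides the result."""
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name.lower() in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name.lower() == "all":
            matched = True
        else:
            continue  # include/a/mx/redirect need DNS lookups: out of scope
        if matched:
            return RESULTS[qualifier]
    return "neutral"

def smtp_decision(mail_from, client_ip, require_spf):
    """require_spf=False is today's policy; True is the post's hypothetical one."""
    domain = mail_from.rsplit("@", 1)[-1]
    record = spf_record(domain)
    if record is None:
        # The hypothetical world rejects here, before any authorization check.
        return ("reject" if require_spf else "accept") + ": no SPF record"
    result = check_spf(record, client_ip)
    return ("reject" if result == "fail" else "accept") + ": SPF " + result

if __name__ == "__main__":
    for sender, ip in [("alerts@bank.example", "198.51.100.9"),
                       ("bob@legacy.example", "198.51.100.9"),
                       ("offers@spammer.example", "203.0.113.7")]:
        print(sender, ip, "->", smtp_decision(sender, ip, require_spf=True))
```

The last sample shows the adaptation the post anticipates: a sender using its own domain with a correct record passes SPF, so the check removes forgery of other people's domains, not the mail itself.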


29 Responses to “What if everyone used SPF?”

  1. Vítor Pires says:

    http://www.openspf.org/FAQ/Envelope_from_scope

    Despite believing it could help, it’s still possible to use a “sender/return-path” header with a different-domain “from” header, and the one which is checked is the “sender” one, which is the right way in my view.

    Imagine the “send to a friend” functionality in some websites. You want it to be identified as you sending but the actual sender to be the site itself so it won’t be marked as spam. Of course this could be used by some spammers to send mails but still obey the SPF check.

  2. “The faking of sender addresses. Who ever does that? Spammers”

    You confuse Spammers and Phishers, not exactly the same kind of people.
    Even if SPF was adopted by the world, SPAM wouldn’t stop. SPAM exists cuz people react to it, meaning in this case people go see the site and perhaps buy the product. For this kind of people the sender’s domain doesn’t matter, only the Subject; if it’s about viagra and they have a small dick they will open it. Today most SPAM comes from sender domains that have nothing to do with the PUB on it.

    Those who normally send fake sender addresses are phishers, but this wouldn’t stop phishing, cuz the real problem is people’s brain size.

    • Well, I was using “spammers” as a catch-all term for “bad guys who send email”. Besides, most anti-spam systems treat phishing emails as a form of spam (e.g. Gmail’s spam folder, or SpamAssassin.) However, in my experience a lot of them (actual spammers trying to sell Viagra, not phishers) really fake their email addresses — for instance, using the destination address as both the “From:” and the “To:”. If they are prevented from doing that, it makes it possible — not easy, but certainly doable — to have a sender domain black list, which would, I think, help a lot.

      • Exactly, spammers fake email senders cuz they don’t wanna buy domains, not because it is important for the SPAM to succeed, and making the “From:” and the “To:” the same proves it. SPF world implementation would give GoDaddy and the like a little more money, but wouldn’t stop spam. RBLs would have names instead of numbers, not a big difference, I think.

        I could buy one domain, myspam.org, and make thousands of subdomains for free, using them for sender addresses.
        If the RBLs, instead of listing all my subdomains, decide to block them all with something like *.myspam.org, I would buy some subdomains on co.uk and send spam from them, doing a mail DoS to all the other legitimate co.uk subdomains. Not that easy to make a domain black list, is it?

        • The point of things like these is not to perfectly end spam, just to make things more difficult for spammers (and, in case of SPF, mostly for phishers, as you say). The fact that something isn’t a 100% perfect solution for a problem doesn’t mean that it isn’t still a good idea.

          I don’t know if a domain black list is viable, and it wouldn’t be a magical solution, of course, since, again as you say, it’s just a matter of registering a new domain. But there’s still that additional effort (and expense). In an SPF world, a new domain would have no more than hours of spam sending before being universally blocked for good. Nope, again this wouldn’t end spam. But spam works because it’s incredibly easy and cheap to send millions of emails; everything that makes it even a tiny little bit less easy or cheap makes a difference.
