|
|
|
SPF Group, Microsoft Work to Converge Anti-Spam Efforts
By: Larry Seltzer
2004-05-25
Article Rating: / 0
There are 0 user comments on this Network Security & Hardware story.
"The New SPF" modifies SMTP mail protocol to combine benefits of old SPF spec and Microsoft's Caller-ID.The author of the Sender Policy Framework (SPF) specification has announced a proposal to converge the specification with aspects of Microsoft Corp.s Caller-ID spec. Microsoft is expected to follow up with its own announcement soon.
SPF and Caller-ID are two of the more prominent efforts to introduce authentication to the SMTP protocol, filling in holes exploited by spammers to avoid detection. The two approaches have different benefits and limitations.
Meng Weng Wong, author of the SPF specification, explains the high points of the convergence plan on his Web site. SPF focuses on the SMTP "envelope," the portion of an e-mail message that precedes all the headers and contents, while Caller-ID focuses on the headers.
SPF can reject messages in which the sender specified in the envelope doesnt match a list of mail servers authorized by the sending domain. Caller-ID also checks a list of authorized servers, but based on the mail headers. Each approach stops different types of mail problems, and SPF also has the advantage of being able to reject a message without having to accept the contents from the sending server.
The "new SPF" as Wong calls it would add a new "RFROM" parameter to the SMTP SEND command specifying the "purported responsible sender," which specifies an e-mail address responsible for the transmission of the message. Mail headers contain many addresses, and the responsible one can differ depending on a number of common circumstances, such as messages forwarded from another address and messages sent by a mailing list server.
The existence of the RFROM parameter would allow new SPF servers to confirm that the address seen by the user as the sender of the message is not spoofed. The old SPF lacks this basic defense against "phishing" attacks.
How this convergence will be received by MARID, the IETF standards body currently working on an authorization standard, is unclear, as are possibilities for incorporating aspects of other proposals, such as Yahoos Domain Keys.
Check out eWEEK.coms Security Center at http://security.eweek.com for the latest security news, reviews and analysis.
Be sure to add our eWEEK.com developer and Web services news feed to your RSS newsreader or My Yahoo page
|
|
�������x}r8s;�iW1E%uȖ\ִmy,Uyc#�� IlS$l{'ˉ�.KrE�A$DސH$#�I"f\8ܢd�C�3齿O$w��m��L�9PK�Ϡ^#W�Zj:@a5˜؍Nz&��p��Dw�d�>9|@D��)5'Ӡ6? =/3mB}�F�7�\�3�c��gb�^�Q�$Ё_
¢�%yCRp�DRงB@Te�G$|ߢc�oN��L6O)L|@��ɠiԣF�r(˚79h42ۼM�YnT\BX-URYTߛi�LTeםϷzs˯BEQB~ѿ]H� #Ko�
-'�ijQT\tO{\>w?ȣ
�9N.���Aֶ�߈+�Q\�"*+Jx4K��I�>z��� �RM7J�QߨPKT/�H-�\jGzZzO`F`%�pbQB�9�gSKrй;d99;vN|��bPUU�z 12ؕ�3Fz3u��7Kew'k|tH
_GlD
��Wh6 -NZV�7`Kk'ޮC燙E�[Cy�Cm0Mߑjr]Rr?#1�\u4ZWϻ'$'MDۃ6��247QZh,w.s$db&Z~@X
V�� Q3o�F5
x��%�2Ȍc�Pu��t9�C;L}ƚN(zZR� E/<@#X]w P3Z�$�9�2�3��
'�|�#8U%Kes7p@W-crjNTꊬ2Wr{gHK�\z�cOuMW~�?]t�8J,0B-$]evr�cԶ7�j�ϏV)ÛQ *�J跰 hS�2e8l�İ2nб6�?σ�@
ti3#|>95Fm'!|�e�
mx=Z.33I��Xn`��Hqpy4�ڭ�-%H_� ><��FN�J$
>6�Z�χ�`j�˦MfB9�{ǻ�erg�m͠~�(wMnH�i>X^0��{@`^@Z�8`�88ʼ��E�8�ѵO�>{0g`sD;ʹiǀxԘ�0$�2Z}#%n.G))�$C[�]Pv9�B�
B�!\��0 H��V�(
r)i�LO:\v{B#ܙ8C\~(5aGe�-n^
$�d3CCdQu Q<"`&�ˑea*0pRx5Qn`oJ#UWj& MX,p��U{<7-` �-��& C
K,t��t�ԟx=F���n;A�뎒�:�\���Vh9�L) ./||�P�aA�ݤ6�93mX0NM}J"+p5(Bk?fx
Q=6`\2'�5P�%~K{]ؠ9A7ÚLC�Q+ow7 =5q
؇�CUT3_I<2_O#i[}�� �e h�B=Ss��&A|5��i!3'Xe�onq^i:[�Lg˦"kͲXؽ/ 7r@2Km��*4F�@0V�+,;7�(kc:+�_ii��HH*6�@\\3-#��%.�?W0�Z�'m;D=tl=5Ǡ}nP�KQ"�G&,-s��V+��^Ϛe+ �L��2�4�`
�DlVCax5�Zz'�As,]O�T�.n;������p6H�%2ĂN�?ATiSt
ˀQ*5%R>ka@/�ı@b=�-\�Všc-fˋ°Y]�˖48~5l4^w:#�V!2���D+ه0`�M�EN{6b^)#B~*+BQQb/`kLĽf��2Ts`M[`R9cDzlĠL#k(-ER&�=���G�5MH85G[τOAU�
88qx3??4X)0,L�y�.r�� 2q͝a&�?@�&R)Ö13gdimFGǙXT&j/A�bPI}&Xk5�F�><}*O|qNxH�� �E�.҈��ڀ���D(r�HU�X�#±U�鬢cKQ0SKm{hA��y-X\>(Dtm?`�"!>}ڧ�ns�sQ*r73 T|�OfZV,֪16DZV�\=*)j��V�=>�2z�4Ebw�c�:1о�#\\V`Qa�SF=4F�X\odHЮ�$#S^(gF(k1��.
(�H3�0=�Gf^9/&?!'j7�p�e�>#ylR)btxLǖ8)ё,H���r*-Mޭ�.�F���'F���6@\=�<��vo�S�(0f�Ӧ-b�h�sֻe=O᧔Z�ӁQ}/5u<|X\.�(``!>F0f&P�Lo�
P
~eͻ��,_]pH1�)dyDF4@/=q8bk
�lb{�}rq�@l#RqCݜ5�m�"vyڀVI�JXhQ;_6MONVm(}�n�L:��?~WӅ�Lo'37� dZp|aP;E9Ȳ
(��3Jnfۤs:n&20061�e>c'Ww�}^A�p��A JǸ}sWn�~-]۠�|m�,Mn1y�c�%[Ŵw)n<0{�L3gF�>
inUr�d2y6(Z�`E'8�D1$5�,K0Ij�P3sqӳP.T*E0=k"�WA�Ұg�/s_�5u_&qD�yC[Tޫю�"eάR/Q U-q'�.҂^ߍK�S�T1 Vv}b;_I|SeȣV��8�<�V6jR�aokA~�fZX)#=�g�R T�>�O3(~�(zC>ku�
uAL>�X�Q]z�U�CUT-Vr!!~ͳ!vQ%Ǹ"ZAX_xLl
�AK�l!�/`.R(S�/z�4["X.)DД�7ϰ��3�Rb�
�
kxG�te-Bwyr�@�O+osk�KI�m'ϱ�Kz�k�5��U!뷲�NIjVڳ$t`�� ۳<0�%q*LLi;�I@r;~O+a>&ra���:��*�|@t�ɒ\�'
*BX]q,g(��X9H(P Yz>Gɷw��f/lCXx|{
`?K�{c$ $"z��дr3.=2��fxX�7&3 9914/xqi`�z
��o!(0�H_dpm;dU]uv�'HG�ޏ.cﻛn{pvH*ۧ>]�E!1@q�3f^;.� �u��Q�aVv�ҸGZ@MC�~?�I嗏Om{g�i\·[Tez�LR(���I�16b�d+]=+aoZvtц;0F@�ɁU{ABh]^/~{(�9^vdcxޕdG��uxyȒu8*Dyu�p|ly0amG�'E��Lk�҃a��n��H!u,v���N/Ns:VTzF_kɾ,8ϐA�Tth0ZSkޚcs�~uk�`!旁��PH2>(_��a�
#��{ z�P)'$��n%:�c{$��BLR`2"(BRHHO�Ux[(��6[�F_��ٿ��~KiV�
T
�t6~hO�+0wAGg5q�v3��a~wbS`ۇ��_;�s3�0i!�^��o��<%x .M>wRo�4�jG�Yk�.NE�m�{-~G0��cl9a��R)%bz�&
[via%uyjdJ)%SBt��02L PU7,O$y=%lQ2 (KBh%�lbTHRoO�պ�m@ybZӽK3BǝJ$c��Ζ�f��ė4 ��ݓy��)� -�|8SB[(GH
Tդ�
Zz]UH*?v�Ƈ!�qb��wy�~@0GW吜zC=?rUm_f�=z@'�M{q?K8�:Gw*b9,_�Aݾpne9?�jwh{tx�GM{@uS意g�
ڝ9�k�rĸEl�{25Kd�ؗ{vOKn4�]9hn舧�Usd{I2$B�Eͫ*ۻ�ɾȜ9%/�r{ld+N�$Q�d1ם�0dƛ'q=+��==4zo=ȥ�'q?W<��`Ϛ7�7�2]awK�]�Jˢ{9nZh�p;ī%ދK*qɧyu�Z�ГG���mחB�}ȿ
LĬh�g2h띫y�sL��>dO1\Xki��2��>
ZA#Vrl8w@rs&�cx�2�HB%�wVp�*gcc;/�F#%g&yȱ�m�@|Րr/�h1i�`jcZ/p8|+؊wf/'Ɏ?e{kA�|;-e�\wcR+
��ZR|
� �.w�i{\na�a0^o><�"s�(ı��߂KCƧ3ӆUe[�\I
ı��"+�q�jPŪy(�Ep�Ysʃןo>�0}h4_�y27
>�2�FC)�+|X]ӭ)a]O,�7}\a3waKO4Rr>aqk�u~شI2a_��r<,`=s3P,{w@YfV)5w%?�FΖ�1�vc�й-a�~n+ADL[ǖNK|2 �\ru�~8��Dd,Oijf�9(�@8eMBa:8btzq�l@>sBP�i�2Pq�<8�V�)�>8V�c"�PV�V=QS�}(!r��;S*v
F�/3̿U�+URL/J$埇]q!q�/���{� ܒI�z[Z(ᄕZL/OXƌg��MQ�ME(ܷ8q��V�7��I�k>P!g@ƈM%"煅`J$]JɇJEgXv�ZkjQͧy
`��_v4cm'cb-IB`�+��[>�@ߤt�1!Nv�}s�iV_\C%XϟӉ ��(JW�2�,�(5g`!0Gyi�e�p$f`%�ط%�5BG9w"
Ji�13rl2�8j�ƚ+p7777_ſYWHz 7gZt"ʕX^q��xN=mF1!�O) @uS<>�F\hd8/iho�(xS$j�j(ac79�;��ٛ5[ԘP%g�$r<+|�0p.4Mv3CӰ�;Ig�nsKc orp
}ם9$���![�o���`�o�>�|)�6_�֖D\|mIN�HW3suC�� ka��l~At|Y�6_�ܖT\zm*n#T/tK]~��Bkspp�ᑸ9�Z-n�W#�}tz��q8m4-.t$K/]cJ�*MaRp)_ť��/
�Pť}}*̆�|b-}EyO}@n?�xص�Dht~xCEX--)$R<�B��9��aWW��i.yÇҹކd�B�ݘji3E43
7Ky77770Vkjm;#�p`O|3Sgn��^+F<`�K*o"ݘ+,-�ͯefu净np�cs^a�݀ t
�.fh;(�64n�G)�ę~1o56o}mbD8`,]��wlqͭY�u\�Df1E-x1�pH,8 4�"I�;keXdc��*\}6��KsL�o��IA`NwF��ps7/+sχZ.A8�hd�p��D"�qQ�
y��]�:rCe�]N
gSoN��@Ҥ� bX�`hR�/�xYxfv�X$Eh�aq-���`oO�<�!!.�*}m/�^�3t�:r�X^ZVHmY�t(^
3sx&H\z$&d��Q6�{co+L����:!���H}E|ҩ\]h?5P<�gsg���"c9��_g+^NGnʸkj��븚e)7L%�x&�w�/Nsc2|R�&o̳MyBItϠ�k?0��ؘtLHJ�~P�a+m�t��U|�[`cXÉ�E�q{Os]@]�G̹+g^
5]_�|$mg�f��c�~��2H�@85�QY'6$
[IHc�s;WFPEX1̭-ddn�Vü*�Vj�p@dhp�=y�,;t�zD�\JMsL]�`gof^"R�l=[/� _毀�ײ?Ȁ{5=0�X^R,�S&p�]}�r�EcgccfeaW g9l3{#Sc1tq*o��(�i7��vP�L7�ƵV�xrڬLv�^\}H�ka-c4$pF�{�-�>1RW�h?Z�?q�T�&ݥ�e
u2fSx g
vf4돐
:6M]ؼ���r@~�RB~/f`G{E,駠T#|+ Z��Rc_عT?��o�7N jDv�xr7)@ T�֜rc[at��SUjձv1��cM[m+p��U���vr�CvJ
rˣa�#�ʱ,q|�ݚDyDWM�q.�w>)fF<�{y
�?L�m�_z^3X�v𥝛 �K� }�+n'-ohDP"^*佹u~ȩ�P}-*< ;,
�H=Ƥ8 8FV�tke�L٦ƗRµ
Iʥ�rQ��Dc�'ҽ&E"#mjj�~bT*#wCz�5PUk%E8yLiêOƹkc9���xl֟\�':�g�~dZ**w4Z@#T>,|Lьo���,��G�
��6_OOvKy�j>f|6�֢Ol9
sXx[Mw-=(o�F:`B��*�8�Q`�s~� +^Vb$�W7 a}�}Ҧ3�f;6v�n!�pp|�y1B��9,:sđjۋuNhO0F�V�5d3+nі�mmy.G4K,2;��4�]`f��7A�@C�"T75T>#�V̯nq�>U&[Q{Z
���ʯ�'�L��m
jMh%mfi�xo<6IxU⩌)qj�Б(W' �#n%�JYVmIr .�kh�>a8yO�R2>|6�ڄy���i$�Y�c
r'oy\Ixc#�k3dwH*+�_!ݰ�VI m{7�R[�$yʐ?ZƮEHW#�`�x+L��f�='yg0\^ #�i|Q^H���ou�&�aj�>4xhm>�]�|tH ](�]Afx�d�n(Os.}ꀶк�|U-~�m#kA�1H3�'TVotn~�":{A~b�#:�́
lZ
J��1F(Є��G#Os3uϸv:�sx�X���m�!�Y<#�8,�
r��I@�s<�3DD�i֜iĄ�9�y�[_0"(S[��]ă0T]h3(hOqW'Ag#jA{ �`�\�N���5
|{�#�@u�s��sS��RS¤vx\T+=>' .yHcI�� �^iN4X/nLf�MO��zwj꾌���B�p),f,�])B9|�Ե�>��\g�ޕa)豢��_�oS�wV7+ʟX�!z+i+*K����9I͑1;�*Yw���_�Ч�6#`ٷC�s�rڻ&-rzuj]y�?a[k�N|Sw{/'/urk|�|j5<6�/
�v(P^.:NSʙ`Q{¥,�9�K��x5�<
/�E�yx&f/Awp�+a^e=DU@^zu����NOA~ݾj6ⷶ#go:ٙEKN�#C|E@?h
J�c>4rU>{0�8���S~s2 N�ԼVxu�xQ�Q+Q~
כOZ@�2ʑ�ۀv'�O6�~N3�1�?Ag\5r_7^fC�k(�_6����s���Ȃ��"�?�0_�}^d�E�}"^f3(?A2/"�2c~/.3�2cz^F{ z��!_>2
_eԿ�Π>1>1� �l.�)>Cr�}�}
d�d
M�%u$e!(oeY
�No\�8�\8^��YOY射<(Cy<�<^`ek�W�x�sͿg�g{�%�[?[vNzBX\Jzp+z=k */de97�qմ c���
{}eh}1Ɨ*CymoR99� �A)Q.�
3l?V\[[,Oн�ۺ{'ϊ'NW4C�ﹲ�Kd^ Wsr>VD=՞bM�xG,E<�mc�sb��Ⱦw`T %/ܻ�GznQ2��L~�4̊RlOAptDw9�MAw1[Wa\/I>7�s�}v�`礿Lx��#ÄMYRcm%^#%x�<
�%$I:Gm}JzǞ0ـ�O� ؠ+.Ġ/�>''4WB)ugm�n:,Nd=:v��M�hă���ӱ�2�z+F2�jQwh}vWXs��Ș�oL"6G�4 h
�@a)x�D7(�#.�X&";�>m��?'.}F5+J'�"@2xԴ5[�Pŗ�;wa�3)f���GNFp)hN�<}�ݎ�2֭0�kc'p�g��u_SbzU�u ѫ�r!|�x@N�oMKK-jLīc� :ۓ|�?��O�e �Mt4/o9��kn>7Q$�Lyÿ�ˍt�/�A�sl2q�W43@FWD0;"����ZYc"sE��%��X,8/� �uf㿶;�ƝMQh|��9���-B<�ok3���Ϸ;��7x2;n�GO�eg[(|��_a[0~;#+U�rcdk�{f�:ePeX�l'�ᠢ׀o^��rX�տ"Ps::h݆G��0ޏqY�P�l@��xS�b���s=֏*.uf�利o6r!^�FE[]YtA
kwx>Y�}�#s!?²L�j3mg^:?ʂo/�Q�F$V30(�y��lH�9��m5'0X�1'��N�R�(t�f
cJ\g'�ۂ�~�ŕc���ˉ.X)��z"aZ!%ӫrX�otlQ�ozc|>[zwD,5bb:(/Z��0���
��9\Mhc{pfif�#3�S��3�{τ T4}js�X��# *#f"��WNENE<<�*ID~y�{S/|џ�],?I*g\�ƕy��Xqө8Y5?�_;+�cA��<]�E!�$ghv�V�;~v��?;kv a�%
ѨT\��t��kOz�,,Mǭ_>^>]E�yiAђ�4��!wj�/e={`o��s�g�
|
Network Security & Hardware 
