Starting September 22nd, 2004, Msen is installing Sender Policy Framwork SPF records for our customers and their hosted domains. These records will help prevent the forgery of our customer's email addresses by spammers by specifying exactly which IP address are allowed to send email in the customer's name.
What does it do?SPF is a publishing standard that identifies which IP addresses are authorized to send email for a given domain. As an example:
If your email address is firstname.lastname@example.org, your outgoing SMTP server is home.msen.com, and your incoming SMTP server is home.msen.com, and the SPF record says email from email@example.com is allowed to come from home.msen.com or mail.msen.com, then the mail passes through. If the same email came from random.company.in.china.ch and claimed to be from firstname.lastname@example.org, it would be denied as a forgery.
Care is being taken by Msen to adjust for those people who do not use Msen for all of their services. So, cable modem users, and those travelling and using AOL as a backup dialup service will not have their email blocked.
What does it prevent?a) Joe Jobs: The forgery of an email address for the purposes of damaging the reputation of the victim.
Malicious people send out spam pretending to be the victim in order to get the victim in trouble with thier ISP or to simply damage their reputation. Spammers do the same as a diversionary tactic in an attempt to hide their identity.
b) Viruses that select the sender and recipient from one infected user's mailbox to send out to a new victim. The From: is someone who had previously sent email to the infected party, not the infected party themselves. This covers 95% of email based viruses today.
Does this block all spam?No. It only blocks forgeries. It also blocks "Mail returned: User unknown" failure messages from emails that you never sent.
Customer ImpactIf your outgoing smtpserver in your mail program is not set to: you will need to either
a) use SMTP-AUTH and use one of the above hosts.
b) inform email@example.com as to which outgoing server and email address you are using so your records can be published properly.
All clients who send mail from outside the published addresses will have their email marked as softfail for the first two weeks, which is equivelent to "it shouldn't come from there, but don't block the mail outright". Log files are read daily to find users who are outside the normal bounds. Once all users have been converted to using the proper addresses or SPF listings, we will publish hardfail records. Msen.com and Home.msen.com have been converted already, and are blocking approximately 1,000 forgeries a day. Expect this change for hosted domains about November 2004.