SPF implementation

Zdravko Stoychev zdravko at 5group.com
Tue May 8 16:52:26 CEST 2007


Tor Bendiksen wrote:
> On Tue, 08 May 2007 16:16:56 +0300, Zdravko Stoychev <zdravko at 5group.com> wrote:
>> Hi all! Are there any plans to implement SPF-checks in RC?
>> http://www.openspf.org/
> 
> Shouldn't this be a MTA task? Or possibly whatever anti-spam solution used.


Agreed! Even that, RC could check message headers and if SPF: FAIL is 
present, then could show warning banner at least? This would be of great 
  benefit for the end-users. A-la soft of built-in Phishing protection 
which is based on headers examination. Same could be done (again 
optional) for SpamAssassin headers.

> 
> At least this is the way I use SPF on my servers. 
> I can see how it can be beneficial at the MUA level to a degree, but 
> it could generate a lot of DNS traffic for every message. Caching 
> nightmare either for Roundcube, or the requirement for a local caching 
> name server. 
> 
> Not something I would like, but perhaps that's just me.
> 
> Perhaps suitable as a plugin, once the plugin API is finished?
> 
>> Could be quite simple to implement using libspf2.so and just one
>> function call.
>> http://www.libspf2.org/
>>
>> Or just check for Header Fields related to it as "Received-SPF:") in
>> order to notify mail reader about "MAIL FROM:" forgery? Or at least,
>> option to mark messages as spam if SPF: FAIL is detected in the Header.
>> Most of the biggest mail providers as Hotmail, Google etc. and lot of
>> Enterprise/personal mail servers have SPF implemented, including mail
>> servers as Sendmail, MS Exchange, Qmail, Exim, so this is really good
>> thing to have. Microsoft have added support for it with their own RFC
>> http://www.microsoft.com/senderid
> 
> Could be handy if it was working with the headers. That would add very little 
> overhead. Once again, a lot of this could be dealt with at the MTA level.
> 
> Please note that while MS' SenderID is loosely base on SPF, it is not the same.
> 
>> See also:
>> http://www.ietf.org/rfc/rfc4408.txt
>>
>> Regards!
>> Dako
> 





More information about the Dev mailing list