Microsoft has recently submitted to the Internet Engineering Task Force (IETF) a specification for consideration called the Sender ID Framework (SIDF), which augments SMTP to help ensure that e mail is not spoofed. SIDF represents the first major step in developing an integrated set of countermeasures against e-mail abuse.
Splog Nothing causes more annoyance and frustration for IT professionals and users alike than the hordes of unwanted e-mail received daily. Much of this spam uses domain spoofing to forge the sender's address and fraudulently deceive intended recipients into believing that the e-mail was sent from a trusted site or domain. Such phony messages are particularly insidious because they are not easily filtered; users are forced to examine the messages and are often deceived into responding.
Spam is the equivalent of physical junk mail and unsolicited telemarketing phone calls. It has become one of the largest nuisances to computer users for both home and business users. Over the last few years, the use of and delivery of spam has evolved. Initially, spam was sent directly to computer users. In fact, spammers didn't even need to disguise the sender information. This early spam was easy enough to block – if you blacklisted specific sender or IP addresses, you were safe. In response, spammers began creating mock sender addresses and forging other technical information.
Spam Blog What is Sender ID Framework?:
Spam is the equivalent of physical junk mail and unsolicited telemarketing phone calls. It has become one of the largest nuisances to computer users for both home and business users. Over the last few years, the use of and delivery of spam has evolved. Initially, spam was sent directly to computer users. In fact, spammers didn't even need to disguise the sender information. if you blacklisted specific sender or IP addresses, you were safe. In response, spammers began creating mock sender addresses and forging other technical information.
Spam Blogs Sender ID Framework (SIDF) checks the address of the server sending the e-mail against a list of servers that the domain owner or e-mail recipient allows to send e-mail. This comparison is performed by the Internet Service Provider (ISP) or by the recipient's mail server before the e-mail is delivered. If the sender's ID is validated, the e-mail is sent. If the ID is not validated, the message may be refused by the receiving server or flagged or sorted into a separate folder for the user.
That’s it — your sites’s visitors should experience faster commenting times immediately, and your blog will keep blocking known spammers. If you need rmation on fighting spam on your blog, take a look at the Fighting resources on the community wiki, or contact Movable Type support for assistance.
Spam Site This technology, which will not be patented by Microsoft, incorporates Microsoft's own Purported Responsible Address (PRA), also known as Caller ID, as well as Sender Policy Framework (SPF), developed by Meng Wong of Pobox.com, and a third specification called Submitter Optimization.
- Spam is not going to disappear from inboxes, nor is the volume of spam going to decrease in the near future. Spammers will continue to look for new ways of evading antispam protection, and antispam experts will continue to repel spam attacks successfully.
- Probably no new spam technologies will appear in 2007. However, the technologies currently being used will be developed further.
- It seems likely that spammers will continue developing graphical spam, even though there is little reason to see this as a particularly promising route for spammers.
Serps Spam Benefits:
based firm revealed that the number of domain name registrations by spammers to host their websites exceeded 38, 400 in December 2004. Assuming a cost of about $10 per domain, spammers spent in 2004 over $3, 690, 000 for domain registration, using the domains registered in December (38, 400) to create over 6, 612, 000 URLs directed to spammer websites. DeHavilland Information Services
Mass Produced Sites With SIDF, an organization's domain and brand integrity will be protected against spoofing by validating the origin of e-mail. SIDF will also serve as a foundation for the reliable use of domain names in accreditation, reputation systems, and safe lists. There are already several implementations of SPF, and several major players currently use SPF to protect their e-mail systems, including AOL, Symantec, GNU, W3C, Google, and SAP. SIDF will be backward compatible with systems that already implement and use SPF.
Bulk Sites How it Works:
Junk Sites In order for an organization to implement SIDF for its e-mail system, the organization (email sender) first publishes the IP addresses of outbound e-mail servers in DNS via a SPF record. This is done by systems administrators with little or no hard costs or technical overhead. If e-mail forwarding or e-mail intermediaries are involved, outbound e-mail servers will require software to identify their own domains.
Bad Parking Pages When messages are sent, receivers must determine which domain(s) to check-typically either the "purported responsible domain" from the message body or the "envelope from" domain. Receivers then query DNS for the outbound e-mail servers of the chosen domain and perform the domain spoofing test. This requires software for inbound e-mail gateway servers, as well as optional client software to display the results of the domain checking.
Spammer Site A match of the sender's domain with an SPF record means that the domain was not spoofed or forged. The e-mail will then be forwarded onto additional filters for other spam. A failed match means a spoofed domain and a rejected e-mail.
Splog Summary:
Spam Blog SIDF targets one of the most pernicious forms of spam-the fraudulent use of legitimate and reputable domains to deceive e-mail recipients. Although not a comprehensive solution to spam, SIDF is surely an important first step towards cleaning up the current e-mail system.
Spam Blogs
About Jonathan Coupal:
Spam Site Jonathan Coupal is the Vice President and Chief Technology Officer of ITX Corp. Mr. Coupal manages both the day-to-day and strategic operations of the Technology Integration Practice Group. Among Mr. Coupal's greatest strengths are evaluating customers' unique problems, developing innovative, cost effective solutions and providing a "best practice" implementation methodology. Mr. Coupal's extensive knowledge and experience enables him to fully analyze client systems to recommend the most effective technologies and solutions that will both optimize their business processes and fulfill immediate and future goals. Mr. Coupal and his team build a high level of trust with clients, establishing ITX as their IT partner of choice.
Mr. Coupal holds certifications with Microsoft and CompTia, including MCSE, MCSA, Security+, Linux+ and i-Net+, and served as a Subject Matter Expert (SME) for the development of the CompTia Linux+.
Serps Spam About ITX:
Mass Produced Sites ITX Corp is a business consulting and technology solutions firm focused in eight practice areas including Business Performance, Internet Marketing, IT Staffing, IT Solution Strategies, IT Solutions Implementation, Technical Services, Internet Services, and Technology Research. To learn more about what ITX can do for you visit our website at www.itx.net or contact us at (800) 600-7785.
