SPF records and zombie PCs

I was reading yet another commentary about spam problems this morning and, as usual, mulling the issues it raised.

I had an idea, which I haven’t really given a vast amount of thought to – so it may be pants, but it is worth writing down while it is fresh in my mind – just in case.

SPF (Sender Policy Framework) links the IP addresses that are allowed to send mail for a domain to that domain name in the DNS, to help prevent unauthorised IP addresses sending emails that claim to come from an email address at that domain.

For example, my commercial sites are set up so that the SPF record states that only my server IP address is allowed to send an email from my server. If any other IP address attempts to send an email apparently from me, then that is not a valid email.

The value of this was brought home – quite literally, when I recently updated the SPF record and tried to send some emails from my home PC.

My outbound email server was provided by my home ISP – and they check all outbound emails for SPF validity – and hence blocked all my outbound emails as my home computer IP address did not match my website domain SPF record.

That was actually a good thing – although the error message they sent back could have been a bit clearer.

Now, SPF is not the ultimate solution to spam, but it is a useful tool.

Here is the proposal.

Quite simple really: all domain names, when registered, must have an SPF record associated with them.

It becomes a mandatory policy.

If I buy a domain name, typically the seller would offer a basic webhosting package etc., and they would set up the SPF for their IP addresses.

When/if I migrate that domain to another webhost – then I have to update the SPF to point to the new IP address – that is a condition of leasing the domain name.

Any domain name without an SPF (or an incorrectly configured SPF) would find it impossible to send emails as every inbound ISP would then start applying stricter controls to SPF validation.

Yes, some spammers would still set up their SPF/IP correctly – this doesn’t prevent that.

What it does do though, is target the increasing problem of so-called “zombie PCs”, where a virus on a home computer sends spam on behalf of someone else. As the IP address of the home PC would not agree with the domain SPF record, then the emails would be rejected – hopefully by the outbound ISP itself.

A suitable error message sent back to the ISP’s customer warning them of the situation would also prompt them to carry out a virus scan on their PC to de-zombify their computers.

This then reduces the appeal of using zombie PCs to send spam.
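The check this proposal relies on, as an added example that is not code from the original post: a simplified SPF evaluator covering only the `ip4`, `ip6` and `all` mechanisms, plus the outbound-ISP decision described above. The domains, addresses (documentation ranges) and function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample TXT records (documentation address ranges, not real data).
SAMPLE_DNS = {
    "example.com": "v=spf1 ip4:192.0.2.10 -all",
    "example.net": "v=spf1 ip4:198.51.100.0/24 ip6:2001:db8::/32 ~all",
    "example.org": None,  # domain with no SPF record
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sender_ip, domain, dns=SAMPLE_DNS):
    """Evaluate sender_ip against the SPF record published for domain."""
    terms = (dns.get(domain) or "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # nothing published: the case the proposal would outlaw
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            return "permerror"  # a, mx, include etc. need DNS; not handled here
        try:
            network = ipaddress.ip_network(value, strict=False)
        except ValueError:
            return "permerror"
        if network.version != int(name[2]):
            return "permerror"  # e.g. an IPv6 range inside an ip4 mechanism
        if ip.version == network.version and ip in network:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term


def outbound_relay_decision(client_ip, mail_from):
    """Outbound ISP check from the post: reject mail that fails the sender domain's SPF."""
    domain = mail_from.rpartition("@")[2].lower()
    result = check_spf(client_ip, domain)
    return ("reject" if result == "fail" else "accept"), result
```

A home PC at 203.0.113.45 claiming to send as `me@example.com` is rejected, while the same machine using the unprotected `example.org` gets through with result `none`, which is the gap a mandatory SPF record is meant to close.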

Just an idea I am mulling.

What do you think?

References:

http://spamfighter666.blogspot.com/2006/12/trench-warfare-in-age-of-laser-guided.html

http://www.openspf.org/
