Hotmail gets SPiFfy

By on July 23, 2004

OK, so I’m stretching for a clever title there. But the good news is that Microsoft has now joined AOL, Earthlink, and other large email providers by publishing Sender Policy Framework records for all their e-mail addresses, and are using SPF validation to scrutinize inbound mail.

The company is strongly urging e-mail providers and Internet service providers (ISPs) to publish Sender Policy Framework (SPF) records that identify their e-mail servers in the domain name system (DNS) by mid-September. Microsoft will begin matching the source of inbound e-mail to the Internet Protocol (IP) addresses of e-mail servers listed in that sending domain’s SPF record by Oct. 1. Messages that fail the check will not be rejected, but will be further scrutinized and filtered, said Craig Spiezle, director of Microsoft’s Safety Technology and Strategy Group.

Basically it works like this: If I’m and sends me an email, the server will receive a request from an server to send a message. The server then checks to see if the contacting server is listed with an SPF record in the DNS. If it is, then I know the mail is really from AOL. If it’s not, then I know it’s a spoof. This doesn’t stop spam, but it at least makes servers truly accountable for spam, so the griping goes to the right place, and blacklists can be more accurate.

Via SlashDot.