| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Microsoft to enforce Sender ID checks | |
|
||
| Time: 01:17 EST/06:17 GMT | News Source: InfoWorld | Posted By: Todd Richardson | ||
|
Microsoft Corp. will soon put some bite into its Sender ID antispam plans by checking e-mail messages sent to its Hotmail, MSN and Microsoft.com mail accounts to see if they come from valid e-mail servers, as identified by the Sender ID, according to a company executive. The company is strongly urging e-mail providers and Internet service providers (ISPs) to publish Sender Policy Framework (SPF) records that identify their e-mail servers in the domain name system (DNS) by mid-September. Microsoft will begin matching the source of inbound e-mail to the Internet Protocol (IP) addresses of e-mail servers listed in that sending domain's SPF record by Oct. 1. Messages that fail the check will not be rejected, but will be further scrutinized and filtered, said Craig Spiezle, director of Microsoft's Safety Technology and Strategy Group. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 310 Last | Next |
The time now is
11:23:25 PM
ET.
Any comment problems? E-mail us |
| #1 By 23275 (68.17.42.38) at 7/23/2004 11:05:58 AM |
|
in W2K3 DNS just set up reverse DNS Lookup for each domain hosted - make sure that you are the delegate for both forward and reverse zones, or have your provider add the records - many Host Named DNS Server operators get one delegation, but forget the reverse.
AOL began implementing this a few weeks ago, and maintains a reverse DNS Lookup resolution tool on its tech support site - while I do not much care for AOL, it is a decent tool for checking this. With this set up, you'll be able to comply and not encounter any delays or rejected mails for domains you provide mail service for. |
| #2 By 23275 (68.17.42.38) at 7/23/2004 1:40:51 PM |
|
The reverse is confirming the sending domain, sent from server(s) and the delegate authority. SPF adds another layer, but our tests show that w/o it, and having a properly configured Host Named DNS system/zones/records, that all traffic moves through very quickly. It allows the recipient hosts to quickly confirm sending domain and servicing providers as valid authoritative delagates.
|
| #3 By 6253 (24.1.219.150) at 7/23/2004 6:24:28 PM |
|
The headline is misleading. The article explains "Messages that fail the check will not be rejected..." but that's not most people will assume the word "enforce" in the headline means.
Of course, without a misleading headline, there's really no news worth reporting here, so if you're a reporter, I guess you have to make the best of a slow news days. |
| #4 By 16302 (64.110.237.140) at 7/24/2004 6:11:31 PM |
| Although this article is not about reverse-ip lookups, a couple of posts are. PLEASE consider that reverse-lookups will not work because a single IP address is usually used to support multiple outbound mail domains, and the reverse-ip lookup thing can only resolve to a single domain when looking up the owner of the IP. Also, many ISPs will not change the registration of their lookups anyways. |
| #5 By 16302 (64.110.237.140) at 7/24/2004 6:13:25 PM |
| The only real solution to getting rid of spam is to have a mail transport that can successfully identify the sender. The government should get into the business of funding some form of private key infrastructure for email. If all email had to be digitally signed by a trusted authority or it doesn't get delivered, then spam would completely disappear. |
| #6 By 23275 (68.17.42.38) at 7/26/2004 12:00:37 AM |
|
#6 I cannot agree. That is not how the DNS works. One email server can easily answer for a great many domains - provided the Host Named Servers are set up properly.
Host Named Servers must be the delegate for both forward and reverse lookup zones and have the appropriate records in each zone. If companies, or admins are not the delegate authority for the address space(S) assigned to their registered Host Named Servers, then they must request and secure it, or cease to operate them. If they do, they need to use the DNS of their ISP's who must comply as above and respond to such requests. Most ISP's - even larger ISP's run by incumbents [Bellsouth for example] - happily delegate authority and do so in less than 24 hours. Zones properly set up as above, exactly conform to the requirements to identify and resolve a sending domain. Not only does this improve performance for all supported domains and services, it allows anti-SPAM systems to successfully identify senders as valid. Please use a utility like checkdns at www.checkdns.net to test domains. You'd be shocked to see how many DNS admins have made a mess of a pretty simple system. In the context of the netblock owner, the article is irrelevant - see Net Craft or some other such site - it is to whom the SOA has been delegated to that matters. We answer for thousands and work to help hundreds of our clients' trading parners get this right. http://news.netcraft.com/ |
| #7 By 23275 (68.17.42.38) at 7/26/2004 12:45:06 AM |
|
Ok, to help out all, SPF works a lot like MS's ideas for email caller ID, but it is a little different.
For the record...an SPF file is a text file in a DNS zone. Rule #4 of the SPF reads: If the SPF record indicates that the sender's IP address is legitimate for the domain, the message is legitimate. Hence, what I have posted above in a number of places is entirely valid and conforms to the SPF and MS's broader implementation of it. Within SPF, SMTP servers can look up that record and use it to make decisions about incoming messages that claim to be from a particular domain. SPF allows the receiving Message Transfer Agent (MTA) make a determination about the domain according to rules - perhaps the most important is rule 4 - as I have addressed. I do suspect that the other rules are for people who do not have properly configured DNS services/zones/records, or do not have a good understanding of how protcols are used on the public networks. SMTP, was used by us many years ago and each system was trusted - we used to literally hand poke the headers - which were a heck of a lot more complex than today - the entire message was formatted with man/machine TAGS [irony]. I know, I wrote the first provisional implementation for man/machine message formats, because we needed to distribute traffic to "untrusted" systems that were not continually connected to the network. They did manual callups, or were on a distribution list corresponding to their station ID. It's the same protocol and the same kinds of systems in use today. I aks that we try not to confuse people - DNS Admins "will have to add these text SPF records for their supported domains and I fear people will be looking for a record type that does not exist in their DNS interfaces, or configuration UI's (MMC, etc...)." If you want more inormation or assistance in setting up your DNS, email me as at my profile. Thanks. |
| #8 By 23275 (68.17.42.38) at 7/26/2004 12:50:58 AM |
|
#1 - Sep/Oct for an update.
Also, MS's initiative is much broader and a lot easier implementation than just SPF. It adds a lot to it, but is also strictly conformant. Thanks |
|
Write Comment
Return to News |
Displaying 1 through 25 of 310 Last | Next |
The time now is
11:23:25 PM
ET.
Any comment problems? E-mail us |
