Friday, 24 June 2005

More on Hotmail's move

Dr. Curt said, "If the proposed rule at Hotmail were simply that certain limited KINDS of email wouldn't be let through without sender validation -- that I could buy into."

The proposed rule at Hotmail is simply that certain limited kinds of email wouldn't be let through without sender validation. The difference between the current situation and what is proposed from November is that the spam score will be increased somewhat if the sender doesn't have an SPF record. Spam filtering is never a black and white proposition, but based on a score, derived from a weighted sum of several tests' scores. This change adds a new test (actually, strictly speaking, it enhances an existing test).

Yes, this encourages people to publish SPF records. This is a good thing.

No, it doesn't require people lube up their throats to have SenderID rammed down them. That sort of talk just smacks of Microsoft-bashing.

Note that the difference between SPF-classic and SenderID is (mostly) the PRA algorithm. This has problems: mostly political problems, but also technical problems at the corner cases. SPF-classic also has (different) corner-case problems. So did RMX, so does DKIM.

The fact remains that "the industry" broadly agrees that we need strong sender reputation tracking. Right now, all we can do is track the reputation of IP addresses, which is by no means perfect. SPF, SenderID, and DKIM will help us track senders' reputation, by greatly reducing the number of email messages with forged senders.

AOL will make this move too, I'll put money on it. Some commercial products already do (but it's usually configurable). It's the way the industry's going. Get an SPF record and get used to it.

No comments:

Post a comment