SPF at IETF


The Internet Engineering Task Force has formed a group to create a formal standard around SPF, the Sender Policy Framework, designed to reduce Spam. The group, called MTA Authorization Records in DNS (MARID), will focus only on MTA authorization and only on DNS-based mechanisms. MTA methods are concerned with authenticating the domain that the mail comes from, rather than the sender individually. As a consequence, MTA methods aren't foolproof (Spam frequently does come from domains that can be authenticated), but it cuts off a large source of Spam with no need to even transfer or read the message the first. The good news is that its likely to move fast:

The group really began talking about things just about a month ago. According to the charter, there are major decision-making milestones in May and June and a working-group document submission in August. If the process only amounted to rubber-stamping the SPF specification, the schedule would be a breeze to meet, but as I have said, there are three major proposals with big differences among them. There's no question that someone's interests aren't going to be met.
From SMTP Authentication Hits Standards Track
Referenced Tue May 11 2004 09:39:53 GMT-0600