[Mimedefang] SMTP + SPF

[Alan Madill]

> Support the development and deployment of SMTP+SPF, which should allow
> everyone else to determine where the legitimate e-mail for your domain
> originates from, and reject the rest instead of bouncing it:
> 
> http://spf.pobox.com/intro.html

We finally have our new sendmail server online.  It's running MD 
and SA with basic MD filtering turned on by default.  Today it 
quarantined a half dozen files "An attachment named 
www.paypal.com.scr was removed from this document as it 
constituted a security hazard."  It's a variant of Minmail that 
NAI/McAfee doesn't pick up.

SMTP needs some sort of extension that will prevent 
communication without authentication.  SPF is a start.

With Razor, RBL's, Bayes etc the SMTP/Internet system is starting 
to adapt itself dynamically but in somewhat less than real time to 
various threats.  This is hard to do without verification of the sender.  
The SPF initiative is worth backing.

Another component that might help would be real time 
communication between servers running applications like 
MimeDefang and SpamAssassin.  Our servers spend a lot of time 
re-learning what other servers have discovered.  For instance, my 
server could have let the world know that I had an IP address that 
was sending out an apparent virus.

May you all have a spam free New Year.  Happy Holiday.

-
Alan Madill
http://www.hwy16.com/~amadill