For those who are unfamiliar with the topic see http://www.openspf.org. "SPF fights return-path address forgery and makes it easier to identify spoofs. Domain owners identify sending mail servers in DNS. SMTP receivers verify the envelope sender address against this information, and can distinguish authentic messages from forgeries before any message data is transmitted. "

I've long since had SPF in place on all the DNS records for the domains under my control. While hindsight is perfect this should've been in place in the email systems right from the beginning of the Internet.

This checking should be executed before the DNS spam blacklist servers as it would then help to reduce the traffic to the RBL servers. SPF checking would be distributed to the alleged senders website DNS servers.

Also much of the code required is already in place as very similar code is required to locate the DNS records of the RBL servers. Mostly just some text processing of the SPF specific TXT record in the DNS records.

This is a user-to-user help forum.

There is a separate Product Suggestion forum here: /f58-Product_Suggestions.html

Put your suggestion there rather than here.

Good point Roger. I've moved this topic to Product Suggestions.

This seems like a great idea ttoews! Just playing devil's advocate for a moment ... what sort of negatives might there be? For instance, are there ways for spammers to make life difficult ... anything that FireTrust should be made aware of?

I'm running a SPF check in thunderbird and it is pretty slick, tags a bunch of spam and so far 0% falses.

No downside to it for users. The only shortcoming is that it requires the mail sending machine support SPF, more and more are doing so as it stops Joe Jobs cold.

Hey Tony, welcome to CastleCops!

Good point about DomainKeys. And even if you won't be making use of MWP in the near future, many folks will continue to use it, especially if FireTrust keeps making significant improvements.

I don't think he was going to quit using MW, just the SPF checking if it gets added.

The nice thing about SPF is that it can be run before the message is accepted and if the mail fails the SPF check your server can reject it.

[quote="Ikeb]Good point about DomainKeys. And even if you won't be making use of MWP in the near future, [quote]

Oh, no, as stan_qaz suggests I will continue to be using MWP for many years to come. Unless and until SPF and/or DomainKeys gets universal acceptance. Which is about as likely as <insert your metaphor of choice>.

Once my mail server software implements SPF and/or DomainKeys then I may very well disable the option in MW. No sense in duplicating the checking that my mail server has already done.

And now that I think about it I do have one email account which does not go through my mail servers so I might want to keep SPF working on that email account.

(However that ISP has done an admirable job of shrinking 600 spams a day on that account to four or five per day.)

I purchased the Pro version within a few days of downloading MW when I first became aware of it. It is a well written program with a logical UI. It does one thing very well Thus it meets my high standards. <smile>

Tony

I second the SPF suggestion. I have bugged longtime my ISP regarding this but implementing SPF don't seems to be very high in their list.

Then, if a future version of MWP would be able to check for SPF that would be a nice tool.

I also think both SPF and DomainKeys support would be very useful additions to MWP. Like Toblerone, I have been pestering my ISP (actually, my domain hosting provider) to add SPF records for my domain as well as their own. Strangely enough, the mail server software they use (SmarterMail) supports SPF checking as a way to rank spam, but they don't have SPF records in their (or my) DNS.