Deluged by unsolicited commercial, or spam, e-mail messages, Internet service provider (ISP) America Online Inc. (AOL) is trying a new technology for cracking down on one common spammer tool: forged sender addresses, which spammers and virus writers use to bypass blacklists and trick unsuspecting recipients.
AOL is conducting a trial of a new e-mail protocol called Sender Permitted From, or SPF, across its entire user base of 33 million subscribers. The company hopes that SPF will eliminate e-mail forgeries by enabling organizations to specify which servers are allowed to send mail on behalf of their Internet domain, according to AOL spokesman Nicholas Graham .
SPF stops e-mail address spoofing by modifying the Domain Name System (DNS) to declare which servers can send mail from a particular Internet domain. AOL is using SPF to publish the IP (Internet Protocol) addresses of the servers it uses to send outgoing e-mail. DNS is the system that translates numeric IP addresses into readable Internet domain names.
Once widely deployed, SPF records can be referenced by Mail Transfer Agents (MTAs) stationed throughout the Internet when routing e-mail messages from a particular domain to determine whether an e-mail message's source is legitimate or "spoofed," according to Graham.
AOL briefly tested the protocol two weeks ago, before shutting it off to make technical changes based on feedback from other ISPs, according to Graham, who declined to describe the changes.
News source: InfoWorld - AOL testing new antispam technology