Among the many anti-spam measures on my mail server – which help me reject 5000 spam attempts per day – is SPF. SPF allows domain name owners to specify which mail servers are allowed to send its mail. That makes it an excellent way to detect address forgeries, a favorite spammer tool.
One of the early questions raised about SPF was: won’t spammers just buy their own domains and set up their own SPF records that say it’s all OK?
I run my own mail server. I don’t consider myself an especially skilled administrator, so I shouldn’t point fingers. However, in recent weeks I’ve had the following experience more than once.
A delivery-failure message arrives from an unfamiliar host. The (quoted) orginal message is nothing I ever sent. The recipient is unfamiliar to me. The “sender” of the original message is an email address I control, but not one I ever send mail with.
My primary email client for my e-scribe mail is mutt. This came about in an almost accidental way.
Last summer I moved all my websites and mail to a new server. As I was setting it up I realized that I had an opportunity to decide that no passwords for this box would ever be sent in the clear. No telnet and no FTP, that was easy. But given the hassle of setting up encrypted mail authentication, I had in the past let that one slide.
The venerable Eudora e-mail client is going open source, Mozilla style. I was a devoted Eudora user in the ’90s, but I’m not sure what their, you know, unique value proposition is today. It seems like even the developers don’t quite know what it’s going to be, but if you want to stay in the loop keep checking the Penelope project (including the discussion page) at Mozilla.org.
Via ArsTechnica