Microsoft Garners Support For Authentication Scheme: Information Week
August 2, 2004:
ClickZ tells email marketers "If you haven't already done so, publish an SPF record."
July 1, 2004: CircleID publishes Part 1 of their two-part interview with Meng.
June 29th 2004: FrontBridge announces SPF support for their anti-spam products.
June 29th 2004: The
website now looks excitingly 21st century. Before, it
looked very much 1995.
June 22nd 2004: We now have our own shop at
Cafepress! Why are the shirts ridiculously expensive? Because
they're part of the SPF Fundraiser project. Donations are also welcome.
June 22nd 2004: We're mentioned by name in the FTC
Report. We're also mentioned in the ASTA Technology
and Policy Proposal, but you kinda have to read between the
lines.
June 22nd 2004:
Pointandclick, Inc. gives ESPs
a rundown of SPF and how to publish.
June 3rd 2004: At the Inbox
Event, an SPF/CallerID Deployment Strategy BOF brought together a
critical mass of ISPs, MTA vendors, and ESPs; it kicks off a round of
industry coordination on testing, implementing, and rolling out the
merged SPF/CallerID thingy, which we have yet to actually name. This
is enormous progress on a scale nobody had imagined possible a year ago.
May 25th 2004: Microsoft has dropped its objections to the SPF
semantics and syntax model. Getting their buy-in is a major step
forward. People who have been waiting to see how things will shake
out can now go ahead and publish SPF records. While the SPF community
conceded that the upgrade path for SPF should be XML, the existing TXT
format will be supported for the foreseeable future. For more
details, see this slideshow.
March 13th 2004:
We're in the April Linux Journal! Check out our exciting
three-page centerfold where we bare it all! Actually, the
article just discusses how to publish SPF records. The
March issue talks about how to check SPF in your MTA.
February 26th 2004: The latest version of
Mail::SPF::Query will parse Caller-ID records! SPF-enabled
MTAs can now read Hotmail and Microsoft.com's records and
translate them into SPF format. As a reminder: SPF is
designed to protect the envelope sender so you don't get
bounces that say "You sent us a virus". Caller-ID is
designed to protect the headers so eBay and PayPal can limit
the damage of phishing spams that say "Your credit card has
expired, please re-enter it here." If you are annoyed by
viruses that cause you to get bounces, you should publish
SPF. If you are a big institution or a bank and are
concerned about phishing, you should publish Caller-ID
records as well, but first you should check with Microsoft
because you may need a technology license; they control the
patent on Caller-ID.
February 24th 2004: Microsoft have announced Caller-ID
for E-mail, a close relative of SPF. Some people have
reported that Microsoft Word is unable to open the documents
at that web site; we provide PDF
versions for your convenience. In other news we are up
to 7500 domains registered.
February 12th 2004: An eWeek
article discusses SPF's interaction with the IETF
standards process. While it would be really nice to see the
SPF draft approved as an Experimental or Draft Standard
within the next few weeks, the conservatism inherent in the
IETF process may require that we follow procedure, hold a
BOF, charter a Working Group, and meet a few times over the
next year or two. Conservatism has served the IETF well in
the past, and you certainly don't want to rush something as
important as this. But the problems are urgent, and people
are beginning to abandon email entirely. We need to act as
quickly as prudence allows.
February 11th 2004: The spec has been published as an Internet-Draft
with the version number 00. This marks the first step on
the road toward RFC standard status. Oh, and we changed
the name from "Sender Permitted From" to "Sender Policy
Framework".
February 4th 2004: The registry
crosses the 6000 mark. Major publishing domains include:
AOL.com Altavista.com DynDNS.org E!Online.com (the ! is
silent) GNU.org LiveJournal.com MotleyFool.com OReilly.com
Oxford.ac.uk PairNIC.com Perl.org PhilZimmermann.com SAP.com
Symantec.com Ticketmaster.com w3.org and of course
foo.com.
February 2nd 2004: The registry crosses the 5500 mark.
January 28th 2004: Eine Deutsche Version von dieser Webseite gibt es hier.
January 16th 2004: Eric Raymond mentions SPF in his
talk at the MIT Spam
Conference. A handout is
distributed to the audience. The registry
crosses the 4000 mark.
January 9th 2004: Slashdot noticed that AOL
experimentally turned on SPF for 24 hours. During that
time, thousands of spams were blocked. They have turned it
off over the weekend to assess the results of the
experiment, and will turn it on again next week.
December 16th 2003: Mail::SPF::Query (available on CPAN)
has a few updates, and matches the draft version
02.9.4 which is the latest RFC draft. You are
encouraged to publish records.
Independent client implementations in C and Python have
begun. MTA plugins for Sendmail, Postfix, and Exim are
available for download. The Slashdot
thread contains a number of questions and criticisms
based on an incomplete understanding of SPF. All those
questions and criticisms are already answered or addressed
on this website. To the trolls, I say: please engage
eyeballs before operating fingers.
December 10th 2003: Design freeze announced.
October 5th 2003: Slashdot. Load on Slashdotted servers: 0.02 ...
October 2nd 2003: A unification project has begun under
the aegis of the ASRG: the authors of SPF, RMX, DMP, and
other designated sender schemes are working together to
produce a single proposal that gathers the strengths of the
different approaches. Early adopters, please join the
mailing list; the spec is very likely to grow additional
features by the time we're done.
