|
When email was designed, everybody played nice, and
trusted one another. So for a long time, MTAs were open relays out of the box:
| Client IP | Sender | Recipient |
|---|
| Anyone |
Anyone |
Anyone |
Anyone could mail through an open relay to anyone else.
Then, when spam became a problem, people started closing
their open relays, so only legitimate mail was accepted.
| Client IP | Sender | Recipient |
|---|
| Anyone |
Anyone |
Must Be Local |
|---|
People started trying to fight spam by blocking certain
client IPs which were known spammers. Blacklists became
popular and people started using them to identify open
relays and dialups as well.
| Client IP | Sender | Recipient |
|---|
| Anyone Not Blacklisted |
Anyone |
Must Be Local |
|---|
But IP blacklists are an imperfect solution: they result
in too many false positives and false negatives. And
they're embroiled in lawsuits: spammers are fighting back.
People are trying all kinds of desperate moves like renaming
them "blocklists". Blacklists aren't working.
And that still doesn't address the forgery issue. SMTP is
anonymous on the sender end. Anyone can inject a
message to a valid recipient, and forge the sender address.
This is called Joe-Jobbing and
it
happens everyday.
SPF takes a different approach: it's the responsibility
of each domain owner to whitelist their own mail senders.
This prevents forgery, and, because most spam is forged,
also blocks spam.
SMTP+SPF Phase 1
| Client IP | Sender | Recipient |
|---|
| Must Be Permitted By Sender Domain |
Anyone |
Must Be Local |
|---|
Spam that isn't forged can be easily blacklisted by
domain rather than by IP. After widespread adoption, SPF
can become even stricter:
SMTP+SPF Phase 2
| Client IP | Sender | Recipient |
|---|
| Must Be Permitted By Sender Domain |
Anyone Not Blacklisted |
Must Be Local |
|---|
This would not have worked in the early days of the Internet, but it is the right solution for today's world.
| 
