Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

A competing system that’s gaining ground is called Sender Permitted From, or SPF. This system, currently making its way through the Internet Engineering Task Force, lets mail administrators publish the IP addresses of their outgoing mail servers. I can publish a notice for a domain that tells people receiving e-mail the IP address of my mail server. Then, if a recipient of an e-mail message sees mail that claims to be from my domain but that is coming from a different IP address, they know that the e-mail is not legitimate. Publishing these so-called SPF records is a kind of Internet self-defense. Unfortunately, SPF breaks some mail-forwarding schemes. Consider MIT’s “e-mail forwarding for life” system, which lets alumni use addresses for their outgoing mail. MIT couldn’t publish an SPF record for the domain, because the alumni aren’t sending their e-mail through MIT’s mail servers.

Because SPF is going through the Internet standardization process, its kinks will more than likely be worked out in a manner that’s systematic and fair to most of the people who are involved.

Neither SPF nor Domain Key is perfect. Neither can stop spam from new domains that have never been registered before and don’t have associated Domain Keys or published SPF records. And neither can stop spam that comes from legitimate Yahoo! and Hotmail customers-spam that’s sent out by computer worms and viruses. That’s why the SPF Web site emphasizes that “SPF is primarily an anti-forgery effort.” SPF’s main result will be to prevent spammers from using e-mail addresses ending with and other well-known domains. But forcing spammers away from these domains and to fly-by-night domains will in turn make the spam easier to filter out.

The Spam Conference gave me lots of good ideas for short-term technical fixes that I can use to help deal with my spam problem-at least for the next few months. I went home and published an SPF record for my home domain. Then I reconfigured my e-mail server to bounce suspected spam back to the sender, rather than dropping it into my spam box. The reason for this change is that I wasn’t looking inside my spam box, and mail was getting lost. At least this way the senders will know that their mail isn’t getting through, and they can call me on the phone.

And so today my spam problem is once again under control.

In the long term, however, these fixes are sure to fail. And there’s a worrisome lesson here. E-mail and Internet-based communications are powerful tools-and just a few people have figured out ways to turn them against the vast majority of Internet users, at a cost to businesses that is now estimated at over a billion dollars. What will happen when the new powerful tools of biotechnology and nanotechnology become widespread? If we can’t tackle the spam problem, then the future may be quite bleak.

0 comments about this story. Start the discussion »

Tagged: Communications

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me