own e-mail inbox
Code your email sender. Spambots are web applications that scour websites for recognizable email addresses. If you have a website or display your email on anyone's webpage, "mangle" your email. It should still be recognizable by a human. For example, if your email is [email protected], then try something like "bob-dot-loblaw #at# mycompany-dot-com", or something similar. And be INCONSISTENT. Spambots are getting smarter, as spammers refine them. Use a variety of punctuation marks, but still have it human-readable. SPF uses the functionality of DNS to distribute SPF records across the DNS hierarchies. SPF records will be cached by several ISPs. This reduces the amount of bandwith required for SPF queries in DNS. How to publish a SPF record A different approach to authenticating senders of messages is to implement digital signatures on the message content. Most of these methods are dependent on a Public Key Infrastructure (PKI) to issue public/private key pairs. The signing is done by the MTA and the senders publish their public keys in DNS. Digital signature technologies There are a number of different technologies that can be used to digitally sign messages: * PGP (Pretty Good Privacy) can be used to sign the body of the message. Keys can be self-signed. * S/MIME (Secure Multi-purpose Internet Mail Extension) can be used to sign the message body. Keys are signed by a certification authority (CA), a trusted third party. * DomainKeys (Yahoo) can be used to sign the message body and headers. Advantages and disadvantages of cryptographic solutions SPF. email sender. DomainKey. No, these aren't fancy locksmith tools or types of sunscreen. These are all ways to verify the identity of an email sender. Aimed more at controlling online fraud than alleviating spam, e-mail authentication enables more reliable message filtering. Using some form of e-mail authentication can help also prevent spoofing, phishing, and hoax messages -- e-mail messages that claim to be sent by well-known organizations and attempt to steal your account information and passwords by asking you to reply with personal information like your credit card number, social security number, or account password. So if you receive an e-mail that purports to be from Citibank or eBay, sender authentication can detect whether the sender is legitimate or an impostor engaged in brand spoofing and phishing. msexchange.org IN TXT "v=spf1 mx -all" "v=" = defines the version of SPF used â€“ this attribute is mandatory (SPF1) â€žmxâ€œ = Defines the MX record â€žptrâ€œ = PTR is the record for the reverse lookup zone "-all" = Specifies that, if the previous methods did not match, reject the message as a forgery. An even more dangerous development on the e-mail front is "phishing." Unlike traditional spam that merely attempts to sell a product (albeit through annoying and sometimes offensive means), phishing messages are fraudulent, purporting to come from the recipient's bank, credit card company or a company with whom he does business and attempting to entice the recipient into revealing confidential information such as passwords, account numbers, or social security numbers. The phisher then uses that information for identity theft and other criminal purposes. You're probably scratching your head and wondering how will this affect you and your nonprofit? Authentication is rapidly becoming a critical factor for determining whether your e-mail messages, newsletters, and other transmissions will be delivered or snared in a spam filter. Those transmissions will increasingly get marked as spam -- unless you implement some kind of authentication. The most common types of e-mail authentication are: Sender ID, SPF, and DomainKeys. This new wave of e-mail authentication means that all mail servers from which your organization sends mail (including the servers of your vendors as well as your own internal mail servers) will need to comply with those authentication protocols if you want your mail to reach large segments of your audience.