IBM today announced an alphaWorks project that’s been kicking around for a while. Precis: it tries to match the sender IP to the purported sender domain. If it can’t find a match, it falls back to something similar to challenge/response.
The theory goes:
- All spam is spoofed, so it will fail the IP/domain match and won’t get past the challenge.
- The vast majority of legitimate mail will pass the IP/domain match, so will be delivered without needing a challenge.
- The only legitimate mail that needs to be challenged is sent by "power" users, who will know how to deal with a challenge.
This could initially cause false positive problems for some legitimate direct marketers who use some bulk email service providers. However, the problem is quite easily fixed.
Note that this doesn’t fight spam, so much as fight spoofed senders. Much like SPF, in fact.
also that there’s been a deal of poor reporting,
saying that FairUCE somehow spams the spammers back. Untrue. From the quotes attributed to an IBM exec, Iâ€™m worried that this mis-reporting might actually be IBMâ€™s fault.