Frequently Asked Questions                            DRAFT 20-June-07

There is much confusion in discussions of email systems over the meaning of simple words like sender and receiver.  Please see this article for a simple introduction to email systems and terminology.

Q1:  If spam will never go away, what do you consider success for this project?

A1:  I will consider our Registry a success when we can segregate the spam so well that I never have to search my spam bucket for false rejects. My email address will be published for anyone who needs it.  Everyone sending an email will know that if they want reliable delivery, they need to use an A-rated email service, and the ratings of all services will be readily available.

Q2:  I know you need to stay neutral on the different authentication methods, but give us a hint. If you
had to chose just one, which would it be?

A2:  Each method offers different forms of protection, and it is best that you have at least two ready,
even if you don't use every method on all messages. A quick check based on an IP address may not
offer enough security. A laborious check based on digital signatures may overload your servers in a
denial-of-service attack.

Luckily, you don't need to chose any method to get started. Just publish a simple authentication record with your authorized HELO addresses, and we can reject the vast majority of spam right now. Later, you can add protection for authorized forwarders, for message headers, or for the entire content of your messages. Give the simplest setup a try, pay attention to our spam reports for your domain, then decide what else you may need later.

Q3:  I've already published my sending addresses in two slightly different records, and I don't want to
put this information in yet another place. Why can't you just use what I have?

A3:  We can use the addresses you have listed in either an SPF record, or a SenderID record, to
construct a default Registry record, but we need some additional information, due to the possible
ambiguities in these records. If your existing record says "These addresses and no others are
authorized to use my name.", then we can follow your policy, reject the forgeries, and build your
reputation from just what comes out of your authorized transmitters.

Many SPF and SenderID records are not so clear, however. Because their purpose is broader than
just authorizing the sender's own transmitters, they often say "Here are the addresses of our transmitters, but don't forget to include our forwarders, and don't reject anything that you might get from a transmitter we don't know about." If that is all the information you give us, the best we can do is give you a default record, follow your policy of not rejecting anything, and count against your ID, any spam that we cannot reject.

There is a way you can publish your information in just one place, satisfy the needs of either SPF or
SenderID, and provide us an explicit list of your own transmitters. You just need to follow some simple,
and widely used conventions in writing your SPF or SenderID record, and tell us you have done that.
See our notes on Using SPF Records to list HELO Addresses.  To signal us your intent, just put a simple phrase in your DNS record:

    _auth.<your ID>. TXT "helo=SPF"
Use our webtool to see the resulting Registry record, and make immediate corrections if it doesn't come out the way you intended.


To Do
- fix links
- add more content