This is IBM's plan for stopping spam. The basic idea is that it will try to find the real sender's domain. If that seems legitimate, it passes the mail on through. If not, it sends back (to the real sender's MX) a challenge. It's a twist on challenge/response systems as it doesn't waste time challenging unless the mail appears to be spoofed.
FairUCE looks at the Return-Path (not the Reply-To) address and grabs all the DNS info available for that domain. If the SMTP client that connected to FairUCE is probably within the same domain as the DNS entries, then it is considered valid and no challenge is sent. So if my home machine is a Comcast client and I send through Comcast's SMTP server, and I'm not playing games with what I'm sending, a receiving server would see that I am part of the Comcast domain and would not reject me.
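The decision described above, as an added example that is not FairUCE's own code: the DNS records are constructed sample data held in a dictionary so it runs offline, and the function names and the forward-confirmed PTR rule are assumptions about how "probably within the same domain" could be tested.

```python
# Added illustration of the accept-or-challenge decision; not FairUCE source.
# All records below are constructed sample data, not real DNS answers.
import ipaddress

DNS = {
    "MX": {"isp.example": ["smtp.isp.example"]},
    "A": {
        "isp.example": ["192.0.2.10"],
        "smtp.isp.example": ["192.0.2.25"],
        "cust-7.dyn.isp.example": ["198.51.100.7"],
        "mail.notisp.example": ["203.0.113.9"],
    },
    "PTR": {
        "192.0.2.25": "smtp.isp.example",
        "198.51.100.7": "cust-7.dyn.isp.example",
        "203.0.113.9": "mail.notisp.example",
        "203.0.113.66": "smtp.isp.example",  # forged PTR, no matching A record
    },
}

def return_path_domain(return_path):
    """Domain of the envelope sender (Return-Path), not the Reply-To header."""
    return return_path.strip("<>").rpartition("@")[2].lower().rstrip(".")

def in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it (label-aligned)."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def domain_addresses(domain, dns):
    """A records of the domain plus A records of its MX hosts."""
    hosts = [domain] + dns["MX"].get(domain, [])
    return {ip for h in hosts for ip in dns["A"].get(h, [])}

def classify(return_path, client_ip, dns=DNS):
    """'accept' if the connecting client plausibly belongs to the sender's
    domain, otherwise 'challenge' (sent to the sender domain's MX)."""
    ip = str(ipaddress.ip_address(client_ip))  # raises on malformed input
    domain = return_path_domain(return_path)
    if ip in domain_addresses(domain, dns):
        return "accept"
    ptr = dns["PTR"].get(ip)
    # Forward-confirm the PTR so a spoofed reverse record does not pass.
    if ptr and in_domain(ptr, domain) and ip in dns["A"].get(ptr, []):
        return "accept"
    return "challenge"
```

The suffix match is label-aligned, so `mail.notisp.example` does not count as part of `isp.example`, and a PTR record alone is never trusted because whoever controls the reverse zone for an address can make it say anything.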
There's a long Slashdot post about this where I think most of the people involved have totally misunderstood how it works (though they may have straightened it all out by now). The purpose of this isn't to "slam" spammers, although that could be a side effect. The intent here is to implement an email challenge system without making it unduly burdensome for legitimate senders.
© 2009-11-07 Tony Lawrence