[Mimedefang] OT but interesting hopefully - Spammers embrace email authentication
Kelson
kelson at speed.net
Fri Sep 3 12:05:45 EDT 2004
Richard Cooper wrote:
> "More spam than legitimate email is currently sent using Sender Policy
> Framework, a recently introduced email authentication protocol.
> According to CipherTrust's research, 34 per cent more spam is passing
> SPF checks than legitimate email because spammers are actively
> registering their SPF records."
>
> http://www.theregister.co.uk/2004/09/03/email_authentication_spam/
This came up on Infoworld a few days ago, with more info:
http://www.infoworld.com/article/04/08/31/HNspammerstudy_1.html
Unfortunately the report left out a key piece of information: what is
the ratio of spam/legit email that *fails* SPF checks? SPF isn't
pass/fail, it's pass/fail/neutral, and the vast majority of mail right
now is neutral.
And really, whitelisting on the presence of valid SPF is a silly idea
and not at all what it was designed for. You might as well whitelist on
the fact that the sender's HELO matches its reverse DNS. If it does
match, you can move on to accreditation (such as "SPF has verified that
this came from knownspammer.biz, therefore I can safely reject it" or
"SPF has verified that this came from mybusinesspartner.tld, therefore I
can accept it with less filtering." And if it doesn't match, you can
treat it with more suspicion.
--
Kelson Vibber
SpeedGate Communications <www.speed.net>
More information about the MIMEDefang
mailing list