Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spammers Are Early Adopters of SPF Standard

Posted by michael on from the doh dept.

nazarijo writes "In an article entitled Spammers using sender authentication too, study says, Infoworld reports that a study by CipherTrust shows that SPF and Sender ID (SID) aren't nearly as effective as we expected them to be when combatting spam. The reason? Spammers are able to publish their own records, too. 'Spammers are now better than companies at reporting the source of their e-mail,' says Paul Judge, noted spam researcher and CipherTrust CTO. Combined with low adoption rates of either SID or SPF (31 of the Fortune 1000 according to CipherTrust), this means that the common dream of SPF or SID clearing up the spam problem wont be coming true. Wong, one of the original authors of SPF and a co-author of SID, says that it was never intended to combat all spam. Weng, another researcher in the space, says that this is just one of the many pieces of the puzzle needed to combat spam. Various SID implementations exist, including a new one from Sendmail.net based on their milter API, making it easy for you to adopt SID and try this for yourself."

6 of 249 comments (clear)

  1. We can still use it as a spam prevention tool by hchaos · · Score: 5, Funny

    All we need to do is block emails from anyone using SPF or SID.

  2. The point of SPF by pikine · · Score: 5, Insightful

    ... is not to block spam, but to identify the source of an e-mail. Spammers can definitely identify themselves if they so choose. I think it is still a welcoming trend.

    --
    I once had a signature.
  3. Article Poster Doesn't Understand SPF by Anonymous Coward · · Score: 5, Informative

    Idiot. The point of Sender ID systems is to make it easy to track down spammers and enforce spam laws. Sender ID isn't meant to stop spam like spam filters or sender payment schemes but make laws enforcable.

  4. Isn't this what we want? by Carnildo · · Score: 5, Insightful

    Isn't putting up SPF records exactly what we want spammers to do? If they've got SPF records, running an RBL against spam domains should be easier and more accurate.

    --
    "They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
  5. But that's not the point of SPF by hypnagogue · · Score: 5, Insightful

    The point of SPF was not to eliminate spam, but to eliminate spoofing. If successful, this is enables effective and cheap spam filtering by forcing spammers to use domains that can easily be blacklisted.

    In other words, SPF is working correctly, brighter tomorrow expected, move along, nothing to see here.

    --
    Liberty you never use is liberty you lose.
  6. SPF is an anti-forgery tool, not an anti-spam tool by cas2000 · · Score: 5, Interesting


    SPF doesn't and can't block spam.

    it has a different purpose. it prevents some email address forgeries. its main use is to allow a domain owner (e.g. an individual or an organisation or a corporation such as a bank) to specify exactly which hosts are allowed to send mail claiming to be from that domain.

    in other words, it can be used to block forgeries such as phishing spams and viruses, but it is not a general purpose spam blocker.

    it does that job reasonably well (or, it will when it is implemented by enough mail servers). to complain that it doesn't do a job it was never designed to do is just absurd.