Who are the Earliest Adopters of SPF? Survey says: Spammers! - 1,374 Views, 3 Comments
|
Previous Article « War Driver Gets Whacked by CAN-SPAM
Read Next Article » For Sale: Your Email Address. Serious offers only. Inquire at Advocacy, Inc.
A survey of nearly 2million pieces of email by security company CipherTrust revealed some interesting facts: 1. Only 5% of the email came from servers which had enabled either SPF or Sender I.D. authentication. Spammers are early-adopters. Who knew? Well, only anybody who has ever observed how quickly spammers latch on to any new technology designed to ease delivery of email. It’s no secret. CipherTrust then went on to say that this demonstrates that sender authentication such as SPF will do nothing to stop spam. No kidding! It was never intended to stop spam. Nobody ever said that it would stop spam. The purpose of SPF and Sender I.D., and Domain Keys, and on and on, is to be able to demonstrate that the domain from which the email is purportedly being sent is not being spoofed. That it’s really who it says it is. SPF et al say nothing about what sort of email it is. Never has, never will. And, Aunty would suggest that the fact that it’s showing up in spam means, in fact, that it’s working. How handy to be able to track a spam back to its true IP address and domain of origin! Related link here.
Follow Anne on
Twitter 
Friend Anne on Facebook
2. Of the email coming from servers with SPF or Sender I.D. enabled, more than half was spam.
Who are the Earliest Adopters of SPF? Survey says: Spammers!
Twitter Explained in Plain English
Previous Article « War Driver Gets Whacked by CAN-SPAM
Read Next Article » For Sale: Your Email Address. Serious offers only. Inquire at Advocacy, Inc.
Read more:
» Please Help Aunty by Taking This Reader Survey
» Anti Spammers are Lamers, Says Spammer
» Have Sex or Search the ‘Net? The Choice is Clear
For additional similar stories check out our archives on Everything Else
NOTE: We never, ever, ever will recommend any product or service on this site that we have not regularly used ourselves and do not wholeheartedly believe in. That said, in some cases after being very pleased with a product or service, we may enter into a relationship with the provider of that product or service such that if someone purchases that product or service based on our recommendation, we may get a small payment. Such payments go towards the upkeep of the Internet Patrol.
Hi Anne — got the link for that story?
Comment by Justin — 8/31/2004 @ 4:26 pm
Oops, a thousand pardons. Here it is:
http://www.infoworld.com/article/04/08/31/HNspammerstudy_1.html
Comment by Aunty Spam — 9/1/2004 @ 8:41 am
The article neglects to mention another set of early adopters: sites whose domain names have been repeatedly forged in spam.
I handle the email abuse reports for my employer, and for the past year I’ve gotten several complaints a week. To date, not a single one has been over a message that actually came through our network or from our customers. We put up SPF records last December, but since hardly anyone checks them, it hasn’t stemmed the tide of misdirected complaints.
Another missing piece of information is the percentage of email that actually *fails* SPF checks. So they found that 3.8% of spam passes and 2.8% of legit mail passes. That’s disheartening, but SPF is pass/fail/neutral, not just pass/fail. What if 10% of spam *fails* and only a tiny amount of legit mail does? If that’s the case, then it’s already proving useful. But without those numbers, there’s no way to tell.
Comment by Kelson — 9/1/2004 @ 9:15 am