Who are the Earliest Adopters of SPF? Survey says: Spammers!

The Internet Patrol - Patrolling the Internet for You

A survey of nearly 2million pieces of email by security company CipherTrust revealed some interesting facts:

1. Only 5% of the email came from servers which had enabled either SPF or Sender I.D. authentication.
2. Of the email coming from servers with SPF or Sender I.D. enabled, more than half was spam.


Spammers are early-adopters. Who knew?

Well, only anybody who has ever observed how quickly spammers latch on to any new technology designed to ease delivery of email. It’s no secret.

CipherTrust then went on to say that this demonstrates that sender authentication such as SPF will do nothing to stop spam.

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
Click for amount options
Other Amount:
What info did you find here today?:

 

No kidding!

It was never intended to stop spam. Nobody ever said that it would stop spam.

The purpose of SPF and Sender I.D., and Domain Keys, and on and on, is to be able to demonstrate that the domain from which the email is purportedly being sent is not being spoofed. That it’s really who it says it is. SPF et al say nothing about what sort of email it is. Never has, never will.

 

And, we would suggest that the fact that it’s showing up in spam means, in fact, that it’s working. How handy to be able to track a spam back to its true IP address and domain of origin!

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
Click for amount options
Other Amount:
What info did you find here today?:

3 thoughts on “Who are the Earliest Adopters of SPF? Survey says: Spammers!

  1. The article neglects to mention another set of early adopters: sites whose domain names have been repeatedly forged in spam.

    I handle the email abuse reports for my employer, and for the past year I’ve gotten several complaints a week. To date, not a single one has been over a message that actually came through our network or from our customers. We put up SPF records last December, but since hardly anyone checks them, it hasn’t stemmed the tide of misdirected complaints.

    Another missing piece of information is the percentage of email that actually *fails* SPF checks. So they found that 3.8% of spam passes and 2.8% of legit mail passes. That’s disheartening, but SPF is pass/fail/neutral, not just pass/fail. What if 10% of spam *fails* and only a tiny amount of legit mail does? If that’s the case, then it’s already proving useful. But without those numbers, there’s no way to tell.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.