Who are the Earliest Adopters of SPF? Survey says: Spammers!

The Internet Patrol default featured image
Share the knowledge

A survey of nearly 2million pieces of email by security company CipherTrust revealed some interesting facts:

1. Only 5% of the email came from servers which had enabled either SPF or Sender I.D. authentication.
2. Of the email coming from servers with SPF or Sender I.D. enabled, more than half was spam.

Spammers are early-adopters. Who knew?

Well, only anybody who has ever observed how quickly spammers latch on to any new technology designed to ease delivery of email. It’s no secret.

CipherTrust then went on to say that this demonstrates that sender authentication such as SPF will do nothing to stop spam.

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

No kidding!

It was never intended to stop spam. Nobody ever said that it would stop spam.

The purpose of SPF and Sender I.D., and Domain Keys, and on and on, is to be able to demonstrate that the domain from which the email is purportedly being sent is not being spoofed. That it’s really who it says it is. SPF et al say nothing about what sort of email it is. Never has, never will.

And, we would suggest that the fact that it’s showing up in spam means, in fact, that it’s working. How handy to be able to track a spam back to its true IP address and domain of origin!

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

 


Share the knowledge

3 thoughts on “Who are the Earliest Adopters of SPF? Survey says: Spammers!

  1. The article neglects to mention another set of early adopters: sites whose domain names have been repeatedly forged in spam.

    I handle the email abuse reports for my employer, and for the past year I’ve gotten several complaints a week. To date, not a single one has been over a message that actually came through our network or from our customers. We put up SPF records last December, but since hardly anyone checks them, it hasn’t stemmed the tide of misdirected complaints.

    Another missing piece of information is the percentage of email that actually *fails* SPF checks. So they found that 3.8% of spam passes and 2.8% of legit mail passes. That’s disheartening, but SPF is pass/fail/neutral, not just pass/fail. What if 10% of spam *fails* and only a tiny amount of legit mail does? If that’s the case, then it’s already proving useful. But without those numbers, there’s no way to tell.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.