Spammers embrace email authentication

Found on The Register on Thursday, 02 September 2004

Spammers have adopted a new standard for email authentication much faster than legitimate emailers, according to a study from security appliance firm CipherTrust published this week

More spam than legitimate email is currently sent using Sender Policy Framework, a recently introduced email authentication protocol. According to CipherTrust's research, 34 per cent more spam is passing SPF checks than legitimate email because spammers are actively registering their SPF records.

As long as spammers comply with the protocol by not spoofing the sender address, their messages will not be stopped by SPF, which CipherTrust has supported since February 2004. CipherTrust's research among users of its own IronMail message security appliance this summer found that a spam message is three times more likely to pass an SPF check than it is to fail it.

It would be easier to create a mailserver authentication system which works similar to a nameserver. Mailserver owners would have to register the IP of their server (a procedure which could include basic anti-relay checks). If a computer connects, the IP is checked against the database. When the IP is not listed, simply reject it. This would kill all zombie machines. And if a registered server spams, it can be quickly removed from the database.

Browse all articles« Previous « » Next »