Spammers use e-mail ID to gain legitimacy

With few junk e-mail filters supporting a protocol for verifying the source address of digital messages, spammers have adopted it themselves as a way to appear more legitimate, stated a report released on Wednesday in the US.

The author of the study, e-mail services provider MX Logic, analyzed nearly 10 million bulk e-mail messages that it had filtered on behalf of its clients in late August. The company found that nearly a sixth of the sources of the junk messages used a protocol known as Sender Policy Framework (SPF) to certify that the e-mail addresses used in the messages were real.

While SPF has been touted as a way to stop spam, the data has shown that the true value of the protocol is more about preventing fraud, said Scot Chasin, chief technology officer for the Denver, Colo., company.

"Authentication (using SPF) by itself is not a spam cure-all," Chasin said. "SPF--as it relates to having an impact on spam--will hurt only those who spoof domains. You are still going to need content filtering to see if the message was unsolicited".

SPF is one of two technologies currently being considered as part of a hybrid method, dubbed Sender ID, for certifying the source of e-mail messages. Another technology, Microsoft's Caller ID, makes up the other half of the proposed standard. Because it uses technology that Microsoft is attempting to patent, Sender ID may require that users sign a license from the software giant, which has angered many project groups in the open-source world.

That debate has caused many Internet engineers and mail administrators to take another look at SPF, created by Meng Wong, the founder of e-mail service firm Pobox.com.

The Internet Engineering Task Force, the technical committee creating the standard, debated the issues extensively over its e-mail list during the last two weeks.

MX Logic's Chasin argues that SPF does not really solve the problem of spam, at least not until there are supporting services to provide a measure of the reputation of the various e-mail senders.

"SPF is great at combating fraud, such as phishing," he said. Phishing is the Internet scam that usually uses e-mail designed to look as if it came from an official organisation, such as a bank or government agency, to elicit personal data. "Phishing attacks are all about spoofing someone's domain name."

The majority of the SPF-using domains found sending spam were "gobbledy-gook" domain names, not from legitimate companies, he said.

Chasin argues that new services are needed to give e-mail recipients a measure of the reputation of the sender. Such services would basically certify that certain servers belong to "good" e-mail senders, allowing message filtering software to classify such e-mail as legitimate.

"The e-mail filters could then let through legitimate e-mail," he said. "It would be guilty, until proven innocent."


Talkback

  • SPF developers agree that spammers publishing SPF records is an expected and indeed desired outcome of SPF. Why? Because when a spammer sends from a domain that he has published an SPF record for, it means he is not sending from your domain, or my domain or your Aunt Tilly's domain. If you and I and Aunt Tilly all publish SPF records for our domains, then, SPF checking email servers will be able to tell the difference between you, me, Aunt Tilly and the spammers. Domain based white and black listing suddenly become effective. Up till now they have been ineffective because spammers could claim to be sending from any domain.

    Another thing. Some people say that SPF will be ineffective because spammers can hijack Aunt Tilly's machine and send out spam using her domain and SPF record. It's true, they can, but SPF means that the spam will be tracked back to Aunt Tilly's domain, to her email service provider, and they will be put on notice: fix Aunt Tilly's hijacked machine, or risk being blacklisted by a lot of the internet.

    SPF isn't a spam cure by itself. It is an enabling technology that makes other spam prevention methods more successful.

    More at spf.pobox.com
    anonymous
  • SPF reduces opportunities for phishing and for claiming to be acting from a domain-name that you do not control. (e.g. online banking scams)

    It does nothing to say whether something is SPAM or is not SPAM. If you do not want other people claiming to be from your domain then you should support it.
    anonymous