Spammers Are Also Adopting SPF Standard

Sep 04, 2004

Research Shows Spammers Adapting to Authentication Protocol, But Widespread Enterprise Deployment Will Help Prevent Phishing and Spoofing. CipherTrust, Inc., the leader in messaging security, today released the findings of its latest analysis of real-world e-mail messages sent between May and August collected from companies worldwide which use IronMail, CipherTrust’s award-winning messaging security appliance. The analysis is focused specifically on the deployment rate and effectiveness of the Sender Policy Framework (SPF) e-mail authentication protocol. Most noteworthy is definitive evidence that SPF is not effective in identifying spam; however, e-mail authentication protocols like SPF do in fact prevent spoofing and phishing attacks.

In fact, according to CipherTrust’s research, 34 percent more spam is passing SPF checks than legitimate e-mail because spammers are actively registering their SPF records. In short, as long as spammers comply with the protocol by not spoofing the sender address, their messages will not be stopped by SPF. E-mail authentication does not determine whether a message is “good” or “bad,” but simply verifies that the sender is who it claims to be. CipherTrust’s research finds that a spam message is three times more likely to pass an SPF check than it is to fail it. Therefore, organizations cannot rely on such techniques alone to fight the spam epidemic, but should include e-mail authentication as part of their fraud and spam prevention arsenal.

CipherTrust’s recent study also reveals the number of Fortune 1000 companies deploying available e-mail authentication protocols has increased by nearly 200 percent since May. CipherTrust recommends that companies and their e-mail security providers take necessary steps to actively participate in the deployment of e-mail authentication protocols such as the Sender ID Framework, which resulted from the merger of SPF and Caller ID, an e-mail authentication protocol proposed by Microsoft. Further details about CipherTrust’s recent study can be found at www.ciphertrust.com/spf_stats .

Paul Judge, chief technology officer at CipherTrust, explained: “There is some bad news and good news about e-mail authentication protocols. First the bad news: these protocols alone are not effective in identifying spam because spammers are doing what they always have – adapting in order to circumvent measures aimed at stopping spam. The good news is the largest organizations in the world are recognizing the importance of e-mail authentication because it is very effective at stopping spoofing and phishing attacks. The rollout of the latest protocol, Sender ID, is led by strong industry collaboration, and will result in widespread deployment and success in the fight against spoofing and phishing.”

As the leading messaging security provider with 30 percent of the Fortune 100 among its customer base, CipherTrust has been extremely active in its support of e-mail authentication protocols over the last 18 months. In fact, CipherTrust’s Dr. Judge served as founder and chartering chairman of the Internet Research Task Force’s Anti-Spam Research Group (ASRG) in March 2003, out of which the original proposals leading to SPF were borne. Less than one year later in February 2004, CipherTrust became the first e-mail security vendor to incorporate SPF into its product, and pledged on May 26 to support the Sender ID Framework. In order to protect its customers from spoofing and phishing attacks, CipherTrust’s IronMail currently incorporates SPF as one of more than a thousand characteristics to identify unwanted messages, and will do the same once Microsoft’s Sender ID Framework protocol is available.

CipherTrust regularly monitors and analyzes traffic running through the nearly two thousand IronMail appliances deployed in the field to ensure customers are protected against new and innovative threats. Unlike some other research efforts, which use "spam traps" to lure and analyze e-mail messages, CipherTrust's research team analyzes spam messages targeting leading companies worldwide which are caught by the award-winning IronMail messaging security solution.

Explore further: Europe vies for lost mobile glory against Asia, US

add to favorites email to friend print save as pdf

Related Stories

'Planck' puts Einstein to the test

45 minutes ago

Researchers, including physicists from Heidelberg University, have gained new insights into dark energy and the theory of gravitation by analysing data from the "Planck" satellite mission of the European ...

Professor takes madness out of the month

55 minutes ago

With the NCAA Men's and Women's Basketballl Tournaments tipping off soon, brackets and bubble-busters are reaching a fever pitch. Dr. Jay Coleman, the Richard deRaismes Kip Professor of Operations Management and Quantitative ...

New detector sniffs out origins of methane

1 hour ago

Methane is a potent greenhouse gas, second only to carbon dioxide in its capacity to trap heat in Earth's atmosphere for a long time. The gas can originate from lakes and swamps, natural-gas pipelines, deep-sea ...

Distant supernova split four ways by gravitational lens

1 hour ago

Over the past several decades, astronomers have come to realize that the sky is filled with magnifying glasses that allow the study of very distant and faint objects barely visible with even the largest telescopes.

Recommended for you

Watches, robots suitcases: mobile gadget highlights

3 hours ago

Tech companies showcased countless connected gadgets at the world's biggest wireless telecom fair, the Mobile World Congress in Barcelona, which wrapped up on Thursday. Here is a selection of highlights:

Cebit 2015: DIY printing custom touch-sensitive displays

5 hours ago

Computer scientists from Saarbrücken have developed a technique that could enable virtually anyone to print out customized displays of their own in future—in all shapes and sizes and onto various materials. ...

Power-generating urinal pioneered in Britain

5 hours ago

British scientists on Thursday unveiled a toilet that unlocks energy stored within urine to generate electricity, which they hope could be used to light remote places such as refugee camps.

Reliance on smartphones linked to lazy thinking

6 hours ago

Our smartphones help us find a phone number quickly, provide us with instant directions and recommend restaurants, but new research indicates that this convenience at our fingertips is making it easy for us to avoid thinking ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.