Spammers Are Also Adopting SPF Standard

Sep 04, 2004

Research Shows Spammers Adapting to Authentication Protocol, But Widespread Enterprise Deployment Will Help Prevent Phishing and Spoofing. CipherTrust, Inc., the leader in messaging security, today released the findings of its latest analysis of real-world e-mail messages sent between May and August collected from companies worldwide which use IronMail, CipherTrust’s award-winning messaging security appliance. The analysis is focused specifically on the deployment rate and effectiveness of the Sender Policy Framework (SPF) e-mail authentication protocol. Most noteworthy is definitive evidence that SPF is not effective in identifying spam; however, e-mail authentication protocols like SPF do in fact prevent spoofing and phishing attacks.

In fact, according to CipherTrust’s research, 34 percent more spam is passing SPF checks than legitimate e-mail because spammers are actively registering their SPF records. In short, as long as spammers comply with the protocol by not spoofing the sender address, their messages will not be stopped by SPF. E-mail authentication does not determine whether a message is “good” or “bad,” but simply verifies that the sender is who it claims to be. CipherTrust’s research finds that a spam message is three times more likely to pass an SPF check than it is to fail it. Therefore, organizations cannot rely on such techniques alone to fight the spam epidemic, but should include e-mail authentication as part of their fraud and spam prevention arsenal.

CipherTrust’s recent study also reveals the number of Fortune 1000 companies deploying available e-mail authentication protocols has increased by nearly 200 percent since May. CipherTrust recommends that companies and their e-mail security providers take necessary steps to actively participate in the deployment of e-mail authentication protocols such as the Sender ID Framework, which resulted from the merger of SPF and Caller ID, an e-mail authentication protocol proposed by Microsoft. Further details about CipherTrust’s recent study can be found at www.ciphertrust.com/spf_stats .

Paul Judge, chief technology officer at CipherTrust, explained: “There is some bad news and good news about e-mail authentication protocols. First the bad news: these protocols alone are not effective in identifying spam because spammers are doing what they always have – adapting in order to circumvent measures aimed at stopping spam. The good news is the largest organizations in the world are recognizing the importance of e-mail authentication because it is very effective at stopping spoofing and phishing attacks. The rollout of the latest protocol, Sender ID, is led by strong industry collaboration, and will result in widespread deployment and success in the fight against spoofing and phishing.”

As the leading messaging security provider with 30 percent of the Fortune 100 among its customer base, CipherTrust has been extremely active in its support of e-mail authentication protocols over the last 18 months. In fact, CipherTrust’s Dr. Judge served as founder and chartering chairman of the Internet Research Task Force’s Anti-Spam Research Group (ASRG) in March 2003, out of which the original proposals leading to SPF were borne. Less than one year later in February 2004, CipherTrust became the first e-mail security vendor to incorporate SPF into its product, and pledged on May 26 to support the Sender ID Framework. In order to protect its customers from spoofing and phishing attacks, CipherTrust’s IronMail currently incorporates SPF as one of more than a thousand characteristics to identify unwanted messages, and will do the same once Microsoft’s Sender ID Framework protocol is available.

CipherTrust regularly monitors and analyzes traffic running through the nearly two thousand IronMail appliances deployed in the field to ensure customers are protected against new and innovative threats. Unlike some other research efforts, which use "spam traps" to lure and analyze e-mail messages, CipherTrust's research team analyzes spam messages targeting leading companies worldwide which are caught by the award-winning IronMail messaging security solution.

Explore further: Microsoft beefs up security protection in Windows 10

add to favorites email to friend print save as pdf

Related Stories

Tablets, cars drive AT&T wireless gains—not phones

9 hours ago

AT&T says it gained 2 million wireless subscribers in the latest quarter, but most were from non-phone services such as tablets and Internet-connected cars. The company is facing pricing pressure from smaller rivals T-Mobile ...

Twitter looks to weave into more mobile apps

10 hours ago

Twitter on Wednesday set out to weave itself into mobile applications with a free "Fabric" platform to help developers build better programs and make more money.

Recommended for you

Microsoft beefs up security protection in Windows 10

20 hours ago

What Microsoft users in business care deeply about—-a system architecture that supports efforts to get their work done efficiently; a work-centric menu to quickly access projects rather than weather readings ...

US official: Auto safety agency under review

Oct 24, 2014

Transportation officials are reviewing the "safety culture" of the U.S. agency that oversees auto recalls, a senior Obama administration official said Friday. The National Highway Traffic Safety Administration has been criticized ...

Out-of-patience investors sell off Amazon

Oct 24, 2014

Amazon has long acted like an ideal customer on its own website: a freewheeling big spender with no worries about balancing a checkbook. Investors confident in founder and CEO Jeff Bezos' invest-and-expand ...

Ebola.com domain sold for big payout

Oct 24, 2014

The owners of the website Ebola.com have scored a big payday with the outbreak of the epidemic, selling the domain for more than $200,000 in cash and stock.

Hacker gets prison for cyberattack stealing $9.4M

Oct 24, 2014

An Estonian man who pleaded guilty to orchestrating a 2008 cyberattack on a credit card processing company that enabled hackers to steal $9.4 million has been sentenced to 11 years in prison by a federal judge in Atlanta.

Magic Leap moves beyond older lines of VR

Oct 24, 2014

Two messages from Magic Leap: Most of us know that a world with dragons and unicorns, elves and fairies is just a better world. The other message: Technology can be mindboggingly awesome. When the two ...

User comments : 0