SIDF and the numbers
There are technical difficulties with these standards, of course, especially with forwarding accounts. Many universities, for example, allow alumni to keep an e-mail address and forward the mail on to their own personal account. Many commercial services, like Spamex, work the same way. If I send mail "from" my usndh.edu (University of Southern North Dakota at Hoople) address but send it through my comcast.net mail server, then its going to fail any reasonable authentication check. There really isnt a good solution to this. But all that aside, in the years since the standards positions hardened, have they had any effect? Microsoft argues that they have. Last week at the AOTS conference in Boston they announced that SIDF blocks 20 million fraudulent messages. Now when Microsoft says "Sender ID" in cases like this they often mean "SPF" which is incorporated as part of SIDF. In fact, its probably complete overlap now.Some people think the answer is to throw out the old Internet and build a new one. Click here to read more on the idea. Microsoft throws out a lot of other numbers:
More from Larry Seltzer
Its possible, for example, for a spammer to put SPF records on their junk domain and use a proper envelope when sending it, and then to use FROM: and SENDER: headers in the message with "microsoft.com" in them. Sender ID would detect this, although the SPF test would pass. So if youre sending out spam and spoofing FROM: addresses to do it, make sure not to spoof a Sender ID domain.
- 98% of phishing messages are caught by Sender ID
- 90% of e-mail marketers have implemented Sender ID
- E-mail marketers who implement SIDF and have a positive reputation have "up to 85% fewer messages mistakenly marked as spam."
- 3.8 billion out of the 4.5 billion messages sent to Hotmail every day are spam.
- 300 million of those messages to Hotmail come from domains with SPF records.