Spammers Skirt IP Authentication Attempts

By Dennis Callaghan  |  Posted 2004-09-06

As enterprises continue to register Sender Protection Framework records, hoping to thwart spam and phishing attacks, spammers are upping the ante in the war on spam and registering their own SPF records.

E-mail security company MX Logic Inc. will report this week that 10 percent of all spam includes such SPF records, which are used to authenticate IP addresses of e-mail senders and stop spammers from forging return e-mail addresses. As a result, enterprises will need to increase their reliance on a form of white-listing called reputation analysis as a chief method of blocking spam.

E-mail security appliance developer CipherTrust Inc., of Alpharetta, Ga., also last week released a study indicating that spammers are supporting SPF faster than legitimate e-mail senders, with 38 percent more spam messages registering SPF records than legitimate e-mail.

The embrace of SPF by spammers means enterprises adoption of the framework alone will not stop spam, which developers of the framework have long maintained.

Enter reputation analysis. With the technology, authenticated spammers whose messages get through content filters would have reputation scores assigned to them based on the messages they send. Only senders with established reputations would be allowed to send mail to a users in-box. Many anti-spam software developers already provide such automated reputation analysis services. MX Logic announced last week support for such services.

"Theres no question SPF is being deployed by spammers," said Dave Anderson, CEO of messaging technology developer Sendmail Inc., in Emeryville, Calif.

"Companies have to stop making decisions about what to filter out and start making decisions about what to filter in based on who sent it," Anderson said.

The success of reputation lists in organizations will ultimately depend on end users reporting senders as spammers, Anderson said. "In the system were building, the end user has the ultimate control," he said.

Scott Chasin, chief technology officer of MX Logic, cautioned that authentication combined with reputation analysis services still wont be enough to stop spam. Chasin said anti-spam software vendors need to work together to form a reputation clearinghouse of good sending IP addresses, including those that have paid to be accredited as such.

"There is no central clearinghouse at this point to pull all the data that anti-spam vendors have together," said Chasin in Denver. "Were moving toward this central clearinghouse but have to get through authentication first."

Check out eWEEK.coms Messaging & Collaboration Center at for more on IM and other collaboration technologies.

Be sure to add our messaging and collaboration news feed to your RSS newsreader or My Yahoo page

Rocket Fuel