Spammers Are Early Adopters of SPF Standard 249
nazarijo writes "In an article entitled Spammers using sender authentication too, study says, Infoworld reports that a study by CipherTrust shows that SPF and Sender ID (SID) aren't nearly as effective as we expected them to be when combatting spam. The reason? Spammers are able to publish their own records, too. 'Spammers are now better than companies at reporting the source of their e-mail,' says Paul Judge, noted spam researcher and CipherTrust CTO. Combined with low adoption rates of either SID or SPF (31 of the Fortune 1000 according to CipherTrust), this means that the common dream of SPF or SID clearing up the spam problem wont be coming true. Wong, one of the original authors of SPF and a co-author of SID, says that it was never intended to combat all spam. Weng, another researcher in the space, says that this is just one of the many pieces of the puzzle needed to combat spam. Various SID implementations exist, including a new one from Sendmail.net based on their milter API, making it easy for you to adopt SID and try this for yourself."
Article Poster Doesn't Understand SPF (Score:5, Informative)
Weng and Wong are the same person. (Score:4, Informative)
Understanding SPF (Score:5, Informative)
It'll cut down on problems where forged senders are the main symptom, dramatically. That both includes viruses ( virii ) and some spammers.
But, as is stated, it's completely possible for spammers to keep their dns records updated too.
Now, if only we could get the whois accurate.
SURBL SPF (Score:2, Informative)
You need the support of your DNS provider (Score:4, Informative)
Re:Understanding SPF (Score:4, Informative)
Re:Isn't this what we want? (Score:3, Informative)
Re:This surprises anyone? (Score:5, Informative)
SMTP AUTH over SSL/TLS to your work's mail server and you can send all the work e-mail from home you want.
Charles
Re:Wow (Score:2, Informative)
The point is to not trust mail from domains having SPF records, where the sending server is not listed.
Whether or not AOL *has* an SPF record is not relevant. What is relevant is that *if* AOL has an SPF record, any mail with an AOL envelope sender should come from a server covered by that SPF listing.
Let me explain this (Score:3, Informative)
These sender id schemes won't stop spam at all. It's easy for a spammer to modify his dns to show the correct records and allow him to send.
But, here's the thing: HE DOES IT TO HIS OWN DOMAIN. We can then blacklist his domains and force him to keep coming up with new ones. Whack-a-mole, yes, but at least the "moles" aren't at legitimate domains.
You can complain all you want about how this isn't going to stop spam. Maybe it won't for you, but it will cut down the worthless junk hitting my mail server.
SPF ignorance is rampant (Score:5, Informative)
Anyone with clue can see this is another tool in the toolbox. Each piece of incoming mail is ranked with a score indicating its probability of being spam. SPF, whitelists, bayesian filters, being in html, coming from china, etc affect the score. There's no magic bullet to stop spam.
Anyone who has spent time as a systems admin of a mail server, should know this.
Re:The point of SPF (Score:2, Informative)
SPF is step one (we knew this already) (Score:3, Informative)
This primarily helps in two ways: first, it helps fight off certain kinds of social attacks. E-Mail can't claim to be from your bank; if it does, the MUA would display a big warning box stating the mail appears to be forged.
Second, it guarantees that people can't spam or send viruses using your domain name. The spammers have to (just as the article says) identify who they are; they can't claim to be someone else.
So no, obviously, that doesn't stop spam. It might block certain kinds of (soon to be obsolete) spam. You no longer have to blacklist all of aol.com, for example, since only real AOL users could send mail from @aol.com if we all used SPF.
This does, however, make it possible to do *MUCH* more accurate RTBL (Real Time Block Lists). The spammers have to identify themselves; once you have their identity, block all their mail. You got spam from @spammer.com? Block spammer.com. The guy at spammer.com can't pretend to be anyone else, so you've got him successfully blocked. Sure, he can register multiple domains, but with a good RTBL that isn't too much of a problem. Good RTBL already block most of the registered spammers - SPF makes their job easier since all spammers will be identifiable.
Mix SPF with a RTBL service and you *will* see a massive drop in spam. Over 80% of all incoming connections to my mail server are now blocked; most of the stuff that does get through is legit (lots of large mailing lists and traffic).