Evidence is emerging to suggest that spammers are using SPF and other email authentication methods, such as Sender ID and Domain Keys Internet Mail (DKIM) to fool users and anti-spam filters into believing their messages are valid. Technology designed to prevent phishing and other nastiness is being turned against the very people it was designed to protect.

"Spammers continue to leverage SPF and Sender ID with the intention of making their messages appear more legitimate and to possibly avoid having their messages delivered with an onscreen notification that a Sender ID record was not found," said Scott Chasin, chief technology officer at MX Logic. "The strength of these protocols is further compromised by the fact that many legitimate senders have yet to adopt either Sender ID or SPF."