Spammers fighting SPF

By Phantasm66
Sep 6, 2004
  1. SPF (Sender Protection Framework) records are used to authenticate IP addresses of e-mail senders and stop spammers from forging return e-mail addresses. But now it looks like spammers are fighting back, and registering their own SPF records!

    E-mail security company MX Logic Inc report that 10 percent of all spam includes SPF records. The only hope for killing spam in this case, then, is for enterprises to increase their reliance on white lists for blocking spam. It may also be the case that spammers are supporting and adopting SPF faster than legitimate businesses are. Studies comparing spam to legitimate mail have seen 38% more spam messages using SPF than legitimate mail senders do.

    Will spam never cease?
  2. Spammers using SPF is good!

    SPF developers agree that spammers publishing SPF records is an expected and indeed desired outcome of SPF. Why? Because when a spammer sends from a domain that he has published an SPF record for, it means he is not sending from your domain, or my domain or your Aunt Tilly's domain. If you and I and Aunt Tilly all publish SPF records for our domains, then SPF-checking email servers will be able to tell the difference between you, me, Aunt Tilly and the spammers. Domain-based white and black listing suddenly become effective. Up till now they have been ineffective because spammers could claim to be sending from any domain.

    Another thing. Some people say that SPF will be ineffective because spammers can hijack Aunt Tilly's machine and send out spam using her domain and SPF record. It's true, they can, but SPF means that the spam will be tracked back to Aunt Tilly's domain, to her email service provider, and they will be put on notice: fix Aunt Tilly's hijacked machine, or risk being blacklisted by a lot of the internet.

    SPF isn't a spam cure by itself. It is an enabling technology that makes other spam prevention methods more successful.

    More at
  3. vaisg

    Most of the SPF headers generated by the spammers are forged. It is more likely to be that these spammers are trying to make recipients of spam think that SPF is ineffective.
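
The argument in the second comment (an SPF pass only ties a message to a domain, and domain white and black lists then decide what happens to it) can be sketched as below. This is an added example, not part of any post in the thread; the domains, addresses and list contents are constructed, DNS is replaced by an inline table, and only the `ip4` and `all` mechanisms of SPF are evaluated.

```python
import ipaddress

# Constructed SPF TXT records standing in for DNS lookups (hypothetical domains).
SPF_RECORDS = {
    "aunt-tilly.example": "v=spf1 ip4:192.0.2.0/28 -all",
    "spammer.example": "v=spf1 ip4:203.0.113.0/24 -all",
}
BLOCKED_DOMAINS = {"spammer.example"}      # constructed domain blacklist
TRUSTED_DOMAINS = {"aunt-tilly.example"}   # constructed domain whitelist
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(sender_ip, mail_from_domain):
    """Evaluate a reduced SPF subset: ip4 and all mechanisms only."""
    record = SPF_RECORDS.get(mail_from_domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mechanism = term.lstrip("+-~?")
        if mechanism == "all":
            return QUALIFIERS[qualifier]
        if mechanism.startswith("ip4:"):
            if ip in ipaddress.ip_network(mechanism[4:], strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched

def disposition(sender_ip, mail_from_domain):
    """Combine the SPF result with domain reputation lists."""
    result = spf_check(sender_ip, mail_from_domain)
    if result == "fail":
        return "reject: forged sender"
    if result == "pass" and mail_from_domain in BLOCKED_DOMAINS:
        return "reject: authenticated but blacklisted domain"
    if result == "pass" and mail_from_domain in TRUSTED_DOMAINS:
        # A hijacked host inside the authorized range also lands here; the
        # pass makes the mail attributable, so the list entry can be revised.
        return "accept: authenticated whitelisted domain"
    return "filter: no usable domain identity"

if __name__ == "__main__":
    for ip, dom in [("203.0.113.7", "spammer.example"),
                    ("203.0.113.7", "aunt-tilly.example"),
                    ("192.0.2.5", "aunt-tilly.example"),
                    ("198.51.100.9", "no-spf.example")]:
        print(ip, dom, "->", disposition(ip, dom))
```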
