Spammers using sender authentication too, study says

    Date31 Aug 2004
    Posted ByAnthony Pell
    New technology for identifying the sender of e-mail messages has not been widely adopted despite backing from software giant Microsoft Corp. and may not be effective at stopping unsolicited commercial e-mail, otherwise known as spam, according to a survey by e-mail security company CipherTrust Inc. . . . A check of approximately two million e-mail messages sent to CipherTrust customers between May and July showed that only about 5 percent of all incoming messages came from domains that published a valid sender authentication record using Sender Policy Framework (SPF) or a newer standard, backed by Microsoft, called Sender ID. Within that 5 percent, slightly more is spam than legitimate e-mail, said Paul Judge, chief technology officer at the Atlanta company.

    Sender ID is a technology standard that closes loopholes in the current system for sending and receiving e-mail that allow senders -- including spammers -- to fake, or "spoof," a message's origin. Organizations publish a list of their approved e-mail servers in the DNS (domain name system). That record, referred to as the sender policy framework (SPF) record, is then used to verify the sender of e-mail messages sent to other Internet domains using Sender ID.

    You are not authorised to post comments.

    LinuxSecurity Poll

    Has your email account ever been pwned in a data breach?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.