What percentage of the SPF authenticated spam is being trapped by
the spam filters?
The big advantage of authentication is that you are no longer forced
to analyse at the message level. Even if you have zero third party
data available you can arrive at general conclusions such as
'all mail from example.com is spam' or the opposite.
Authentication alone is not a security solution. You also need
authorization. This is what I was saying 18 months ago in my
'Plan for No Spam'.
Phill
-----Original Message-----
From: Dean Anderson [mailto:dean(_at_)av8(_dot_)com]
Sent: Thursday, September 09, 2004 10:59 AM
To: Markus Stumpf
Cc: ietf-mxcomp(_at_)vpnc(_dot_)org
Subject: Re: SPF abused by spammers
Isn't that what I said would happen?
--Dean
On Thu, 9 Sep 2004, Markus Stumpf wrote:
Justin Murdock posted this link on the qmail list:
http://news.bbc.co.uk/1/hi/technology/3631350.stm
"CipherTrust [...] found that 34% more spam is passing
SPF checks than
legitimate e-mail."
\Maex
Date: Tue, 10 Aug 2004 19:55:57 -0400 (EDT)
From: Dean Anderson <dean(_at_)av8(_dot_)com>
To: 'IETF MARID WG' <ietf-mxcomp(_at_)imc(_dot_)org>
Subject: Analysis of SPF benefits for reduced filtering
It has been reported that AOL is already using SPF to give reduced
filtering to SPF-using domains. Is this a good idea?
IF you use SPF to provide less stringent anti-spam
processing, then you
are MORE vulnerable than you were before. You have shot
yourself in the
foot. Suppose for example that AOL subjects MSN users to
less stringent
anti-spam filtering because MSN uses SPF. MSN is still vulnerable to
viruses as it was before it used SPF, and it is just as vulnerable to
disposable account creation as it was before. Using SPF will
__attract__
abusers to MSN, because they can get more spam through to
AOL, because it
is subject to less processing. Since AOL is doing less
processing on the
same spam, AOL users get more spam. SPF is bad for both companies.
And of course, anyone who sets up a disposable domain can
also get spam
through to AOL by creating an SPF record for the domain. Disposable
domains along with disposable or stolen accounts is a major
problem now,
and it remains a major problem under SPF.
Anything that reduces spam filtering without reducing the number of
abusers will be harmful.
Basically, SPF gives abusers the opportunity to whitelist
themselves, or
the opportunity to identify ISPs that may be whitelisted. Any kind of
whitelist that is under the control of the sender, rather than the
recipient is also going to be ineffective and harmful.
Dean Anderson
Av8 Internet, Inc