Below is a good article on how I few SPF as well.
--
Boyd Gerber <gerberb(_at_)zenez(_dot_)com>
ZENEZ 1042 East Fort Union #135, Midvale Utah 84047
---------- Forwarded message ----------
Date: Tue, 16 Nov 2004 19:20:01 -0600
From: NW on Messaging <Messaging(_at_)nwfnews(_dot_)com>
NETWORK WORLD NEWSLETTER: MICHAEL OSTERMAN ON MESSAGING
11/16/04
Today's focus: MX Logic CTO speaks out on spam and
authentication
Today's focus: MX Logic CTO speaks out on spam and
authentication
By Michael Osterman
Scott Chasin, CTO for MX Logic, had some interesting comments on
spam and authentication at last week's FTC/NIST Email
Authentication Summit.
Here's some of what he had to say:
* Spammers can quite easily publish their own Sender Policy
��Framework (SPF) record. In September, MX Logic reviewed 10
��million spam messages that flowed through its network,
��representing more than 400,000 unique domains, and found that
��one in six of these domains had SPF records.
* Spammers can leverage throwaway domains quite easily. New
��domains can be registered quite easily and propagated throughout
��the Internet within a matter of hours. Domain registrars are
��plentiful and compete heavily on price, often not even requiring
��a credit card to register a domain. As a result, a spammer can
��register a domain, publish an SPF record for it and then discard
��the domain just as easily.
* The same self-publishing rules exist for accreditation
��services, meaning that spammers can run their own accreditation
��servers.
* A new spamming technique is for spammers to use authenticated
��sources that are thought not to be spamming conduits and send
��spam via bot networks to send spam at a low throughput rate,
��rendering the spam virtually undetectable.
What does this all mean for the future of authentication and
spamming? First, it means - as its proponents have always
maintained - that authentication is not a panacea for the spam
problem, but is merely one strategy in the continuing battle
against spam. While authentication of domains using SPF and
other schemes is important, it probably will have relatively
little impact on the overall flow of spam.
Secondly, Scott's comments highlight the fact that the spam
battle is far from over and probably never will be. The need to
aggressively address the problem of spam will continue
indefinitely and will require continually updated approaches to
solving the problem, as well as proactive maintenance and
upgrading of spam-blocking systems.
RELATED EDITORIAL LINKS
The Extended Enterprise Issue
Network World, 11/15/04
http://www.nwfusion.com/ee/2004/
_______________________________________________________________
To contact: Michael Osterman
Michael D. Osterman is the principal of Osterman Research
<http://www.ostermanresearch.com/>, a market research firm that
helps organizations understand the markets for messaging,
directory and related products and services. He can be reached
by clicking here <mailto:michael(_at_)ostermanresearch(_dot_)com>
_______________________________________________________________