spf-discuss

Re: MX Logic CTO speaks out on spam and authentication

2004-11-16 20:11:09
Boyd Lynn Gerber wrote:

Below is a good article on how I view SPF as well.
Although technically correct, this article (and its author) miss the primary point of SPF: to help prevent forgery.

-=Jeremy

---------- Forwarded message ----------
Date: Tue, 16 Nov 2004 19:20:01 -0600
From: NW on Messaging <Messaging(_at_)nwfnews(_dot_)com>

NETWORK WORLD NEWSLETTER: MICHAEL OSTERMAN ON MESSAGING
11/16/04
Today's focus: MX Logic CTO speaks out on spam and authentication



By Michael Osterman

Scott Chasin, CTO for MX Logic, had some interesting comments on spam and authentication at last week's FTC/NIST Email Authentication Summit.

Here's some of what he had to say:

* Spammers can quite easily publish their own Sender Policy Framework (SPF) record. In September, MX Logic reviewed 10 million spam messages that flowed through its network, representing more than 400,000 unique domains, and found that one in six of these domains had SPF records.

* Spammers can leverage throwaway domains quite easily. New domains can be registered quite easily and propagated throughout the Internet within a matter of hours. Domain registrars are plentiful and compete heavily on price, often not even requiring a credit card to register a domain. As a result, a spammer can register a domain, publish an SPF record for it and then discard the domain just as easily.

* The same self-publishing rules exist for accreditation services, meaning that spammers can run their own accreditation servers.

* A new spamming technique is for spammers to use authenticated sources that are thought not to be spamming conduits and send spam via bot networks to send spam at a low throughput rate, rendering the spam virtually undetectable.

What does this all mean for the future of authentication and spamming? First, it means - as its proponents have always maintained - that authentication is not a panacea for the spam problem, but is merely one strategy in the continuing battle against spam. While authentication of domains using SPF and other schemes is important, it probably will have relatively little impact on the overall flow of spam.

Secondly, Scott's comments highlight the fact that the spam battle is far from over and probably never will be. The need to aggressively address the problem of spam will continue indefinitely and will require continually updated approaches to solving the problem, as well as proactive maintenance and upgrading of spam-blocking systems.

_______________________________________________________________
To contact: Michael Osterman

Michael D. Osterman is the principal of Osterman Research <http://www.ostermanresearch.com/>, a market research firm that helps organizations understand the markets for messaging, directory and related products and services. He can be reached by clicking here <mailto:michael(_at_)ostermanresearch(_dot_)com>
_______________________________________________________________
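
An added illustration, not part of the original message or the forwarded newsletter: a simplified SPF check showing both points raised in this thread, that SPF fails a forged sender for a domain that publishes a policy, while mail from a throwaway domain with its own record still passes. The function names, domains, addresses and records are constructed assumptions, and only the `ip4` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed SPF TXT records for reserved example domains (not real data).
SPF_RECORDS = {
    "bank.example": "v=spf1 ip4:192.0.2.0/28 -all",
    "throwaway.example": "v=spf1 ip4:203.0.113.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, sender_domain, records=SPF_RECORDS):
    """Evaluate a simplified SPF subset: only ip4 and all mechanisms."""
    terms = records.get(sender_domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term.lower() == "all":
            return QUALIFIERS[qualifier]
        if term.lower().startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched


# Constructed test messages: (connecting IP, envelope sender domain, note).
MESSAGES = [
    ("192.0.2.5", "bank.example", "bank's own mail server"),
    ("203.0.113.77", "bank.example", "forged bank sender from another host"),
    ("203.0.113.77", "throwaway.example", "throwaway domain with its own SPF"),
    ("198.51.100.9", "nospf.example", "domain with no SPF record"),
]


def evaluate(messages=MESSAGES):
    """Return (note, SPF result) for each constructed message."""
    return [(note, check_spf(ip, domain)) for ip, domain, note in messages]


if __name__ == "__main__":
    for note, result in evaluate():
        print(f"{result:8} {note}")
```

The `pass` for `throwaway.example` means only that the domain authorized that host; whether the domain itself deserves trust is a separate reputation decision.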
