[Asrg] Re: SPF abused by spammers

["Anne P. Mitchell, Esq." <amitchell at isipp.com>]

> I'm currently discussing this with an analyst at CipherTrust, who are
> keen not to be mis-represented but have little control over what the
> press actually pick up from their PR of course.

Or little control over what their PR says, apparently - the problem is 
almost certainly this line from CipherTrust's _own_ press release which 
started it all:


"In fact, according to CipherTrust’s research, 34 percent more spam is 
passing SPF checks than legitimate e-mail because spammers are actively 
registering their SPF records. In short, as long as spammers comply 
with the protocol by not spoofing the sender address, their messages 
will not be stopped by SPF."

Now, granted, the follow-on is:

"E-mail authentication does not determine whether a message is “good” 
or “bad,” but simply verifies that the sender is who it claims to be. 
CipherTrust’s research finds that a spam message is three times more 
likely to pass an SPF check than it is to fail it. Therefore, 
organizations cannot rely on such techniques alone to fight the spam 
epidemic, but should include e-mail authentication as part of their 
fraud and spam prevention arsenal."

..but one can easily see why the press grabbed what it did and ran with 
it.

Anne

Anne P. Mitchell, Esq.
President/CEO
Institute for Spam and Internet Public Policy
Professor of Law, Lincoln Law School of SJ


_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg