Spammers Twist Microsoft's Good Into Evil

by CXOtoday Staff    Sep 10, 2004

Spammers seem to be always a notch ahead than all the efforts against their malicious intentions. According to a recent study by MX Logic Inc., a provider of email defense solutions for corporates, spammers have now begun to use Microsoft’s latest arsenal against spam, the Sender Policy Framework (SPF), to give their mail a garb of legitimacy.

The SPF is an email authentication technology recently introduced by Microsoft to help stop fraudulent email. In its preliminary study, MX Logic found that some spammers have embraced SPF in the hope that their unsolicited email messages will be viewed as more legitimate because the messages have an SPF email authentication record associated with them. In a sample of more than 400,000 unique spam email messages that passed through the MX Logic Threat Center from Aug. 29 through Sept. 3, 16 percent had published SPF records.

SPF helps prevent domain “spoofing” in email and makes it easier to identify fraudulent email scams and “phishing” attacks by authenticating the origin of an email. Email domain owners identify their “legitimate” sending mail servers by publishing an SPF record in the domain name system (DNS). This enables email servers to validate the source of incoming email against the associated SPF record to determine if the email sender’s domain is legitimate and not “spoofed.”

The company also reported that compliance with the federal anti-spam law, the Controlling and Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act, rose to 2 percent in August up from an all-time low of 0.54 percent in July.

“In order for authentication to be effective against spam, the industry will need to come to agreement not only on the authentication standard to be used—such as SPF or Sender ID—but also on accreditation and reputation services that can vouch for the domain’s SPF record as well as email sending history.”

While CAN-SPAM compliance increased to 2 percent during August, the amount of spam also increased. Of all email traffic through the MX Logic Threat Center during the month, 92 percent was spam—up from 84 percent in July.

Tags: MS, security