E-mail sender authentication: It works but doesn't stop spam

A growing number of companies are using e-mail authentication protocols to help verify the Internet domain in an e-mail sender's address, but that is not keeping spam out of mailboxes.

Those are among the findings in an analysis of millions of e-mails by CipherTrust Inc. of Alpharetta, Ga.

The study focused on the effectiveness of Sender Policy Framework, a protocol supported by CipherTrust's IronMail e-mail security appliance.

SPF is effective in identifying spoofed e-mail addresses, but if spammers publish SPF records with legitimate domains, their spam is passed through the system.

And spammers appear to be among the early adopters of SPF.

'According to CipherTrust research, 34 percent more spam is passing SPF checks than legitimate e-mail,' the study found.

SPF allows a domain-holder, either an enterprise or individual, to publish a list of IP addresses from which e-mail can legitimately be sent from that domain. Servers receiving e-mail can check the published list to see if the sender's address is good. If the address does not appear on the domain's SPF list, it has been spoofed and can be rejected.

The technology still is in the early stages of deployment. A CipherTrust survey of Fortune 1,000 companies in April found only 11 had published SPF records to enable their e-mail to be authenticated. In August, that number had climbed to 31.

A new contender in authentication is the Sender ID Framework, a combination of Microsoft Corp.'s proposed Caller ID for E-mail protocol and SPF, along with a specification called Submitter Optimization.

CipherTrust conducted its study on messages collected from more than 1,000 customers using its IronMail appliance between May and August. Although relatively few domains have published SPF records, nearly 5 percent of e-mail messages identified as spam came from domains using SPF. Of those, 1.3 percent had been spoofed, and 3.6 percent were genuine, indicating that spammers are publishing SPF records at a higher rate than noncommercial e-mailers.

The use of authentication protocols could help fight fraud. It will not necessarily stop spam, but it could help to keep the spammers honest.

About the Author

William Jackson is a Maryland-based freelance writer.


  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected