E-mail sender authentication: It works but doesn't stop spam
- By William Jackson
- Aug 31, 2004
A growing number of companies are using e-mail authentication protocols to help verify the Internet domain in an e-mail sender's address, but that is not keeping spam out of mailboxes.
Those are among the findings in an analysis of millions of e-mails by CipherTrust Inc. of Alpharetta, Ga.
The study focused on the effectiveness of Sender Policy Framework, a protocol supported by CipherTrust's IronMail e-mail security appliance.
SPF is effective in identifying spoofed e-mail addresses, but if spammers publish SPF records with legitimate domains, their spam is passed through the system.
And spammers appear to be among the early adopters of SPF.
'According to CipherTrust research, 34 percent more spam is passing SPF checks than legitimate e-mail,' the study found.
SPF allows a domain-holder, either an enterprise or individual, to publish a list of IP addresses from which e-mail can legitimately be sent from that domain. Servers receiving e-mail can check the published list to see if the sender's address is good. If the address does not appear on the domain's SPF list, it has been spoofed and can be rejected.
The technology still is in the early stages of deployment. A CipherTrust survey of Fortune 1,000 companies in April found only 11 had published SPF records to enable their e-mail to be authenticated. In August, that number had climbed to 31.
A new contender in authentication is the Sender ID Framework, a combination of Microsoft Corp.'s proposed Caller ID for E-mail protocol and SPF, along with a specification called Submitter Optimization.
CipherTrust conducted its study on messages collected from more than 1,000 customers using its IronMail appliance between May and August. Although relatively few domains have published SPF records, nearly 5 percent of e-mail messages identified as spam came from domains using SPF. Of those, 1.3 percent had been spoofed, and 3.6 percent were genuine, indicating that spammers are publishing SPF records at a higher rate than noncommercial e-mailers.
The use of authentication protocols could help fight fraud. It will not necessarily stop spam, but it could help to keep the spammers honest.
William Jackson is a Maryland-based freelance writer.