Spammers are beginning to exploit an emerging, Microsoft Corp-backed system intended to prevent unsolicited communications, according to a survey of internet traffic.
16% of spam sent during August used published Sender Policy Framework (SPF) records, a fundamental part of Sender ID, which is being heavily pushed by Microsoft and adopted by e-mail and service providers. MX Logic surveyed 400,000 unique spam messages.
SPF is designed to curtail spoofing, as e-mail domain owners identify their service by publishing an SPF record in the Domain Name System (DNS). SPF records allow destination e-mail servers to validate the source of an incoming e-mail.
SPF, and Sender ID in general, is being hailed as a means of beating the rising problem of phishing, where spammers spoof official bank and e-commerce provider communications, enticing recipients to surrender personal financial details.
In a statement, MX Logic Chief Technology Officer Scott Chasin, called combating spam a cat and mouse game where newly developed technologies are followed almost immediately by spammer tactics that get around the new technologies.
While SPF is an excellent tool for preventing phishing and fraud, it is not a cure-all for spam, Chasin said.
Meanwhile, MX Logic also reported spammers’ compliance with the CAN-SPAM Act rose two percent last month, up from an all-time-low of 0.54% in July. The e-mail company also reported spam increased levels of spam last month, with 92% of e-mail traffic running through its Treat Center counted as spam compared to 84% in July.