
Story: Experts clash over merits of anti-spam authentication


Posted by: Wayne Schlitt (Monday 10 October 2005, 5:37 PM)


SPF is designed to stop email forgery. It is not designed to tell you if any given email is spam or not. While a lot of spam uses forged email addresses, and thus SPF failures are often a good indicator of spam, forged email is often undesirable, even if it is not explicitly spam.

Fitzgerald saying that SPF is "breakable" by having botnets no longer forge email addresses is kind of silly. The world would be a much better place if all spammers and phishers did exactly what Fitzgerald suggests. It would mean a large reduction in the amount of bounced spam going to the wrong person and having people blame you just because your email address was forged.

I am sad that both Outblaze and Earthlink have removed their support of SPF. On the other hand, other major ISPs such as Roadrunner, have added support for SPF during that same time period. While it would be nice if there was a steady increase in SPF support, I am not surprised that various organizations have been adding and deleting SPF records, as they have since the beginning.

SPF allows you to apply reputations to incoming email, so that known spamming domains can be blocked, and known good domains can be let through, even if the email uses a few spammy keywords. Many spammers are stupid and will publish SPF records even if it hurts them. Even more marketing departments think what they are doing isn't spamming, and so they publish SPF records too.

I've never figured out why folks like CipherTrust are so worried when lots of email that is spam shows up with valid SPF records. This, again, is a good thing. It lets us block them easier.

I don't believe any single system will stop spam. I think that DNSBLs, Bayesian analysis, SPF, DKIM, DCC/Razor, detection of deceptive HTML, legal pursuit, ISPs kicking off spammers, etc. all can play an important part in reducing spam. Spam, like other forms of theft, will never go away, but to stop theft we don't *just* depend on the police. We also have locks on our doors, we have neighborhood watches, we keep doors well lit, etc.
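The reputation argument in the comment above, sketched as an added example (not part of the original comment and not code from the SPF project): a receiver applies domain block and allow lists only when SPF has authenticated the sending domain, and otherwise falls back to content filtering. The domain names, the threshold, the `Message` fields and the reject-on-fail policy are assumptions made for illustration.

```python
# Added example: constructed reputation data, not taken from the page.
from dataclasses import dataclass

# Hypothetical local reputation lists keyed by envelope-sender domain.
BLOCKED_DOMAINS = {"bulk-offers.example"}
TRUSTED_DOMAINS = {"partner.example"}
SPAM_THRESHOLD = 5.0  # assumed cutoff of a separate content filter


@dataclass
class Message:
    mail_from_domain: str  # domain of the SMTP envelope sender
    spf_result: str        # outcome of the SPF check: pass, fail, none, ...
    content_score: float   # score assigned by the content filter


def decide(msg: Message) -> str:
    """Return 'accept' or 'reject' for one incoming message."""
    domain = msg.mail_from_domain.lower().rstrip(".")
    if msg.spf_result == "fail":
        # The domain's own record says this host may not send for it.
        return "reject"
    if msg.spf_result == "pass":
        # Only an authenticated domain can safely carry a reputation.
        if domain in BLOCKED_DOMAINS:
            return "reject"  # spam with a valid SPF record is easy to block
        if domain in TRUSTED_DOMAINS:
            return "accept"  # let through despite spammy keywords
    # No usable identity (none, neutral, softfail, ...): the claimed name
    # earns neither blame nor trust, so the content filter decides.
    return "reject" if msg.content_score >= SPAM_THRESHOLD else "accept"
```
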
