At present, spammers commonly disguise the origin of their
messages by putting someone else's domain name in the sender
address of their e-mail. This is called "domain spoofing", and
can be countered by software that authenticates senders on the
basis of their IP (Internet Protocol) address.

One such authentication tool is the newly launched protocol
known as the Sender Policy Framework (SPF) but, according to
CipherTrust, the technique permits 34% more spam than legitimate
e-mail to pass through to the recipient.

The firm assessed e-mail being sent to and from companies using
IronMail, CipherTrust's security appliance, and found that SPF
could not effectively identify spam, but did prevent spoofing and
phishing attacks.

This was, said CipherTrust, because spammers are now registering
SPF records of their own, and no longer spoofing their e-mail
domains. Such spam cannot be detected by the protocol, and passes
straight through.

"These protocols alone are not effective in identifying spam
because spammers are doing what they always have, adapting in order
to circumvent measures aimed at stopping spam," said Paul Judge,
chief technology officer at CipherTrust, according to the BBC.
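
The behaviour CipherTrust describes can be seen in a small receiver-side SPF check. This is an added example, not code from CipherTrust or IronMail; the domains, IP addresses and records are constructed, and only the ip4 and all mechanisms of SPF are evaluated.

```python
import ipaddress

# Constructed sample data: published SPF records keyed by domain.
# They stand in for DNS TXT lookups so the example runs offline.
SPF_RECORDS = {
    "bank.example": "v=spf1 ip4:192.0.2.0/24 -all",
    # A record registered by a spammer for the spammer's own domain.
    "bulk-offers.example": "v=spf1 ip4:203.0.113.7 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sender_domain, client_ip, records=SPF_RECORDS):
    """Return the SPF result for a connecting IP and a claimed sender domain."""
    record = records.get(sender_domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # the domain publishes no policy at all
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and there was no "all"


def classify(sender_domain, client_ip):
    """SPF answers 'is this IP allowed to use this domain?', nothing more."""
    result = check_spf(sender_domain, client_ip)
    if result == "fail":
        return "reject: sender domain is spoofed"
    if result == "pass":
        return "authenticated: still needs content and reputation filtering"
    return "unauthenticated: " + result


if __name__ == "__main__":
    # Same sending host, two claimed domains: spoofed, then its own.
    for domain in ("bank.example", "bulk-offers.example"):
        print(domain, "->", classify(domain, "203.0.113.7"))
```

The spoofed message fails, while mail from the spammer's own registered domain is authenticated, which is why a pass result has to be combined with filtering on content or sender reputation.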

Elsewhere, the owner of a company that sells a spoof telephone
Caller ID service has put his business up for sale only three days
after its launch, citing threats and harassment.

Intended to target debt collectors and private detectives,
Star38.com offered a means of hiding the true identity of a
telephone caller, and was an attempt at commercialising technology
that up to now has been the preserve of software developers and
hackers.

"Some people," the firm's founder, Jason Jepson, told The New
York Times, "are pretty fired up about this."