At CNET, Joris Evers provides an update on Microsoft’d Sender ID counterspam proposal titled Sender ID’s fading message. As you would expect from the title, it isn’t a rosy picture. Even worse,
About 1 million domains currently publish SPF records, Microsoft said. That’s much fewer than the 71.4 million domains that had been registered worldwide by the end of last year.
There is evidence to suggest that quite a few of the technology’s adopters are senders of junk e-mail. Out of a sample of more than 17.7 million e-mail messages taken in late June, a little more than 9 percent were from domains that published an SPF or Sender ID record, according to spam-filtering company MX Logic. About 84 percent of those authenticated messages were spam, it found.
“The majority of the adoption has been by rogue senders trying to get some legitimacy for their messages,” said Scott Chasin, the chief technology officer at Denver-based MX Logic.
For spammers, publishing a valid record means they will pass any Sender ID authentication part of a general spam check. Earlier this year, Microsoft said its Web-based e-mail service Hotmail would start flagging messages without valid authentication. Later this year, the company plans to introduce “tougher filtering on nonauthenticated e-mail,” Craig Spiezle, director of Microsoft’s technology care and safety group, said in June.
“The spammers have more of a motivation to go and do it than most other people,” said Forrester analyst Paul Stamp.
Well, at least it cuts out the spammers with forged addresses.