Spammers Still Using Sender Authentication
from the so-why-aren't-people-stopping-them? dept
Last August, we noted that more spammers than legitimate users were using sender authentication systems. The latest report suggests that it’s still being used in a wide variety of spam — suggesting that it’s really not doing very much good. Of course, the counter-argument is that this should let companies track down the spammers and stop them. However, there seems to be very little evidence that this is actually being done. In other words, for all the good sender authentication was supposed to do, it appears that very few are actually following through on the second part of the plan, which is dealing with “authenticated” spammers.
Comments on “Spammers Still Using Sender Authentication”
How can such systems be viable?
If I hijack a machine then I can identify all my spam as coming from the person whose machine has been hijacked (and can use his/her authenticated mail servers in the process — no need for an open relay!). This has always seemed like a crucial flaw in all these systems, and is now starting to be exploited (I don’t understand why it took so long).
Sadly the only viable approaches seem to be to examine the spam messages themselves and to teach people not to respond.
Re: How can such systems be viable?
Sadly the only viable approaches seem to be to examine the spam messages themselves and to teach people not to respond.
You make a good point. Spam wouldn’t exist if it wasn’t profitable. If we spent as much time trying to get people to ignore/delete spam as we spend trying to stop it at the source, we’d probably be more successful at stoping it forever.
It’s the 5% of the population that responds to spam that are the reason it exists.