
MX Logic Reports 16 Percent of Spammers Adopt Sender Policy Framework (SPF) Email Authentication Scheme

September 9, 2004; 07:02 AM

DENVER—September 8, 2004—MX Logic, Inc., a leading provider of innovative email defense solutions that ensure email protection and security for businesses, service providers, government organizations, resellers and their customers, today released the results of a preliminary study showing that spammers continue to develop tactics to dodge both legal and industry-backed efforts to curb spam.

In the study, MX Logic found that spammers are trying to make their messages appear more legitimate by adopting an emerging email authentication technology, Sender Policy Framework (SPF), intended to help stop fraudulent email. The company also reported that compliance with the federal anti-spam law, the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act, rose to 2 percent in August—up from an all-time low of 0.54 percent in July.

In its preliminary study, MX Logic found that some spammers have embraced SPF in the hope that their unsolicited email messages will be viewed as more legitimate because the messages have an SPF email authentication record associated with them. In a sample of more than 400,000 unique spam email messages that passed through the MX Logic Threat Center from Aug. 29 through Sept. 3, 16 percent had published SPF records.

SPF helps prevent domain "spoofing" in email and makes it easier to identify fraudulent email scams and "phishing" attacks by authenticating the origin of an email. Email domain owners identify their "legitimate" sending mail servers by publishing an SPF record in the domain name system (DNS). This enables email servers to validate the source of incoming email against the associated SPF record to determine if the email sender's domain is legitimate and not "spoofed."

"Our preliminary findings on the adoption of SPF by spammers should come as no surprise to those of us on the front lines of the spam war," said Scott Chasin, CTO, MX Logic. "Combating spam has historically been a cat-and-mouse game, with newly developed technologies being followed almost immediately by spammer tactics that get around the new technologies. SPF is no different. While SPF is an excellent tool for preventing phishing and fraud, it is not a cure-all for spam."

"In order for authentication to be effective against spam, the industry will need to come to agreement not only on the authentication standard to be used—such as SPF or Sender ID—but also on accreditation and reputation services that can vouch for the domain's SPF record as well as email sending history."

Email sender domain reputation combined with accreditation would allow for the development of a clearinghouse of information on good email senders, rather than relying on techniques to identify bad email senders, according to Chasin. Such a "guilty until proven innocent" approach to email filtering will help minimize the need for arduous email content inspection and create a "first class" category of legitimate email that can flow through email filters without interruption.
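The following added example (not MX Logic's code) shows why a published SPF record alone does not make mail legitimate: a spammer-owned domain passes SPF for its own server, so the fast path is granted only when the authenticated domain is also vouched for. The domains, SPF records, the `ACCREDITED` set and the disposition policy are constructed assumptions; DNS is replaced by an inline table and only the `ip4`, `ip6` and `all` mechanisms are evaluated.

```python
import ipaddress

# Constructed SPF TXT records standing in for DNS lookups (example domains).
SPF_RECORDS = {
    "bank.example": "v=spf1 ip4:192.0.2.0/24 -all",
    # Spammer-owned domain with a perfectly valid SPF record.
    "bulk-offers.example": "v=spf1 ip4:203.0.113.7 -all",
}
# Hypothetical accreditation/reputation list of known-good sending domains.
ACCREDITED = {"bank.example"}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, client_ip):
    """Return the SPF result for client_ip sending as domain.

    Simplified: evaluates ip4/ip6/all only; a, mx, include etc. are skipped.
    """
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        name, _, value = term.partition(":")
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched


def disposition(domain, client_ip):
    """Combine authentication with reputation (assumed policy)."""
    spf = check_spf(domain, client_ip)
    if spf == "fail":
        return "reject"  # server not authorised by the domain: spoofed
    if spf == "pass" and domain in ACCREDITED:
        return "deliver"  # authenticated and vouched for
    # Authenticated but unknown sender: SPF proves origin, not intent.
    return "content-filter"
```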

MX Logic's findings on spammers using SPF go hand-in-hand with its findings that spammers have consistently evaded legal efforts to fight spam. MX Logic has monitored compliance with the federal anti-spam law, the CAN-SPAM Act, since it went into effect on Jan. 1, 2004. Since then, monthly compliance has ranged from a high of 3 percent from January through April to July's low of 0.54 percent. While CAN-SPAM compliance increased to 2 percent during August, the amount of spam also increased. Of all email traffic through the MX Logic Threat Center during the month, 92 percent was spam—up from 84 percent in July.

"I wouldn't read too much into last month's increase in CAN-SPAM compliance. Compliance with the law has always been negligible and the August data doesn't refute this trend. Two percent compliance is a minor uptick—not a meaningful surge," Chasin said.

"We have always maintained that having an anti-spam law on the books was only one part of a multi-faceted solution to spam," Chasin said. "Until the remaining pieces of the puzzle fall into place—namely, continued improvement in technology, industry cooperation on authentication, reputation and accreditation, and end-user education—spammers will continue to flout the law."

The CAN-SPAM Act requires that unsolicited commercial email senders:

• Ensure that the "FROM" line clearly reflects the sender's identity
• Include subject line text consistent with message content
• Include the advertiser's valid postal address
• Contain a working opt-out mechanism as a way for the consumer to decline to receive further commercial email from the sender

MX Logic tracks compliance with the CAN-SPAM Act by examining a random sample of 10,000 unsolicited commercial emails each week. Media and analysts interested in receiving monthly CAN-SPAM compliance statistics can subscribe to MX Logic's CAN-SPAM update by sending an email to [email protected]

Powering MX Logic's email defense solutions is the MX Logic® Threat Center, a sophisticated streaming-data environment where MX Logic monitors the global state of email communication 24 hours a day, seven days a week, and provides MX Logic's customers with real-time updates and protection. Led by email security experts with extensive experience in protecting messaging networks, the Threat Center provides dynamic email defense—staying ahead of the next attack by continually incorporating information about the latest spammer, virus and worm tactics.

About MX Logic
MX Logic, Inc., provides innovative email defense solutions that ensure email protection and security for businesses, service providers, government organizations, and resellers and their customers. Deployed as a managed service or on-premise software, the company's feature-rich solution suite is the industry's most comprehensive, flexible and easy to use.

Founded by messaging industry pioneers, MX Logic has delivered numerous industry firsts to the enterprise spam market, including becoming the first managed service provider to: leverage Bayesian Statistical Classification; provide spam beacon ("Web bug") blocking; offer quarantine management via email; provide corporate-level quarantine release reports that help reduce inappropriate email while decreasing corporate liability; and deliver a solution for tracking URL click-throughs from email to the Web, providing increased corporate control and security.

Through the company's managed service offering, MX Logic processes millions of messages per day for over 2,500 organizations, including EnCana, Hyundai Motor America, The Sports Authority, YMCA and ServiceMaster. In addition, MX Logic is the only email defense company to offer both a managed service and a turnkey, carrier-grade software solution for service providers. For more information, visit


