Friday, February 11, 2005

Sender Authentication Widely Used To Fool Spam Defenses

Did you think that SPF and Sender ID would stem the flow of spewage into your e-mailbox? Seems it is about as effective as a DMA friendly CAN-SPAM law. Personally I have always bought into the idea that the spammers would use the very authentication tools designed to stop them to authenticate the spam, thereby letting it breeze by any defenses the hapless end user has put in place.

Personally I have found a combination of checking e-mail against both personal and community blacklists (I find SpamCop pretty effective) and Bayesian filters to be about 98% effective. I have to hand sort the rest of it. I have very, very few false positives -- so few that it is really not an issue. Also I use an anti-spam client which will allows me to restore an e-mail deleted by mistake.

There is only one way to stop spam and that is if nobody buys anything from spam, or nobody falls for phishing. That's not going to happen anytime soon, if ever.

No comments:

Post a Comment

All comments are moderated.

Note: Only a member of this blog may post a comment.