[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Tuesday, 7 September, 2004, 08:09 GMT 09:09 UK
Spammers exploit anti-spam trap
Log in screen of online bank, BBC
Many online banks have been hit by phishing attacks
Some spammers are getting their messages through using techniques designed to spot and stop them.

A survey shows that spammers are the biggest users of a technique designed to find out if e-mail comes from the net address it says it does.

The system was developed to stop mail senders faking the address in e-mail messages to give them an aura of authenticity and fool spam filters.

However, the system is proving good at stopping spoofing and phishing attacks.

Domain denial

Many junk mail messages try to hide their origins by using a fake address for the place on the net where they originated.

In a bid to tackle this and to help sort out legitimate e-mail from the junk, a technology called the Sender Policy Framework (SPF) has been developed.

These protocols alone are not effective in identifying spam because spammers are doing what they always have, adapting in order to circumvent measures aimed at stopping spam
Paul Judge, CipherTrust
This is essentially an authentication scheme that tries to ensure that e-mail messages come from the place that they say they do.

But a survey carried out by mail filtering firm CipherTrust has shown that spammers are the most enthusiastic users of the SPF technology.

It found that 34% more spam is passing SPF checks than legitimate e-mail.

The figures were gathered from messages sent to and from CipherTrust customers between May and August 2004.

The problem arises because the SPF system only works out if e-mail comes from its claimed place of origin.

If it does, then SPF systems pass it as legitimate.

It does not check to see if that net location is owned by known spammers.

"These protocols alone are not effective in identifying spam because spammers are doing what they always have, adapting in order to circumvent measures aimed at stopping spam," said Paul Judge, chief technology officer at CipherTrust.

It will stop the spam that spoofs its origins because it only wants to collect live e-mail addresses, rather than sell goods.

But, said Mr Judge, the SPF technology is proving its worth when spotting e-mails from so-called phishers who try to pass themselves off as legitimate organisations.

Most online banks and many other net companies have been subject to phishing attacks which try to trick users into handing over login and account details using carefully crafted messages that look legitimate.

Many of the messages pose as security checks, routine ID updates or make people react by saying there is a problem with their account.


SEE ALSO:
Keeping how the net works open to all
03 Sep 04  |  Technology
US tops league of e-mail spammers
24 Aug 04  |  Technology
'DNA analysis' spots e-mail spam
25 Aug 04  |  Technology
Sex spam clogs summer inboxes
18 Aug 04  |  Technology
Home PCs hijacked to spread spam
03 Aug 04  |  Technology
E-mail scams cost banks 1m
24 Apr 04  |  Moneybox


RELATED INTERNET LINKS:
The BBC is not responsible for the content of external internet sites


PRODUCTS AND SERVICES

News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific