Some spammers are getting their messages through using techniques designed to spot and stop them.
Many online banks have been hit by phishing attacks
A survey shows that spammers are the biggest users of a technique designed to find out if e-mail comes from the net address it says it does.
The system was developed to stop mail senders faking the address in e-mail messages to give them an aura of authenticity and fool spam filters.
However, the system is proving good at stopping spoofing and phishing attacks.
Many junk mail messages try to hide their origins by using a fake address for the place on the net where they originated.
In a bid to tackle this and to help sort out legitimate e-mail from the junk, a technology called the Sender Policy Framework (SPF) has been developed.
This is essentially an authentication scheme that tries to ensure that e-mail messages come from the place that they say they do.
But a survey carried out by mail filtering firm CipherTrust has shown that spammers are the most enthusiastic users of the SPF technology.
It found that 34% more spam is passing SPF checks than legitimate e-mail.
The figures were gathered from messages sent to and from CipherTrust customers between May and August 2004.
The problem arises because the SPF system only works out if e-mail comes from its claimed place of origin.
If it does, then SPF systems pass it as legitimate.
It does not check to see if that net location is owned by known spammers.
"These protocols alone are not effective in identifying spam because spammers are doing what they always have, adapting in order to circumvent measures aimed at stopping spam," said Paul Judge, chief technology officer at CipherTrust.
It will stop the spam that spoofs its origins because it only wants to collect live e-mail addresses, rather than sell goods.
But, said Mr Judge, the SPF technology is proving its worth when spotting e-mails from so-called phishers who try to pass themselves off as legitimate organisations.
Most online banks and many other net companies have been subject to phishing attacks which try to trick users into handing over login and account details using carefully crafted messages that look legitimate.
Many of the messages pose as security checks, routine ID updates or make people react by saying there is a problem with their account.