Please support our Tech Talk advertiser:
Featured Entry 
Jun 25th, 2006, 6:04 pm
According to just released research from Michigan based OnlyMyEmail Inc it would appear that Sender ID is ineffective as an anti-spam solution. Despite the high profile, and frankly somewhat aggressive PR campaign by Microsoft, the 60 day statistical analysis certainly suggests that it isn’t the Holy Grail of anti-spam that Mr. Gates would have us believe.
Across a 60 day period, OnlyMyEmail discovered that emails sent by a domain without a published Sender Policy Framework (SPF) record were only slightly less likely to be spam than those sent by domains that publish Sender ID information in their DNS records. But, emails returning a positive match for Sender ID were not significantly more likely to be legitimate compared to those without a published SPF record, which is surprising. Most surprisingly, in my view, was the fact that an email that failed Sender ID verification only had a 91.4% chance of actually being spam. This translates into a false positive rate (FPR) of 8.6% if Sender ID were relied upon to accept or reject messages. When I evaluate anti-spam solutions in a professional capacity, be that for a magazine labs review or with my consulting hat on for a corporate purchase decision, anything that returns a FPR greater than 1% is rejected out of hand (no company can afford to lose 1 out of every 100 business communications because it has been wrongly flagged as spam.) With 1 out of 6 emails passing Sender ID verification also likely to be spam, according to these results, and the spam probability of incoming mail from domains not publishing Sender ID data being 49.5%, non-compliant domains are less likely to be sending spam than those who publish SPF records within their DNS (although only just.)
If you are an administrator who relies upon Sender ID to make decisions on whether or not to accept or reject inbound emails, this is bad news indeed. Crikey, some of the first generation anti-spam solutions could return a vastly superior performance when it comes to accuracy than Sender ID on these results. Worse, administrators who publish non-specific Sender ID/SPF records (in terms of their sending IP addresses) increase the chances that their outbound email will not be delivered by almost 79%. OnlyMyEmail take their criticism of Sender ID even further, claiming that spammers now commonly publish SPF entries for their sending domains which means it is being used as a weapon to increase spam delivery rates. This works because many email administrators have become over-reliant on Sender ID.
I remain unconvinced that Sender ID or SPF is the solution to spam, a conviction that has been reinforced by this research. Not that it really needed any reinforcing over and above the simple fact that pretty much every ‘traditional’ anti-spam filter either on the client or server side that I’ve tested in a real world environment has out-performed it in every meaningful way. The FPR figure being the real bottom line here. If you currently are relying upon a Sender ID or SPF bases solution, at the very least I urge you to consider what I’ve written here, and the OnlyMyEmail research, and do some real world testing of your own. If the solution is costing your company more in potential lost business than the problem is in wasted time, well, you don’t need a management consultant to tell you what to do…
Across a 60 day period, OnlyMyEmail discovered that emails sent by a domain without a published Sender Policy Framework (SPF) record were only slightly less likely to be spam than those sent by domains that publish Sender ID information in their DNS records. But, emails returning a positive match for Sender ID were not significantly more likely to be legitimate compared to those without a published SPF record, which is surprising. Most surprisingly, in my view, was the fact that an email that failed Sender ID verification only had a 91.4% chance of actually being spam. This translates into a false positive rate (FPR) of 8.6% if Sender ID were relied upon to accept or reject messages. When I evaluate anti-spam solutions in a professional capacity, be that for a magazine labs review or with my consulting hat on for a corporate purchase decision, anything that returns a FPR greater than 1% is rejected out of hand (no company can afford to lose 1 out of every 100 business communications because it has been wrongly flagged as spam.) With 1 out of 6 emails passing Sender ID verification also likely to be spam, according to these results, and the spam probability of incoming mail from domains not publishing Sender ID data being 49.5%, non-compliant domains are less likely to be sending spam than those who publish SPF records within their DNS (although only just.)
If you are an administrator who relies upon Sender ID to make decisions on whether or not to accept or reject inbound emails, this is bad news indeed. Crikey, some of the first generation anti-spam solutions could return a vastly superior performance when it comes to accuracy than Sender ID on these results. Worse, administrators who publish non-specific Sender ID/SPF records (in terms of their sending IP addresses) increase the chances that their outbound email will not be delivered by almost 79%. OnlyMyEmail take their criticism of Sender ID even further, claiming that spammers now commonly publish SPF entries for their sending domains which means it is being used as a weapon to increase spam delivery rates. This works because many email administrators have become over-reliant on Sender ID.
I remain unconvinced that Sender ID or SPF is the solution to spam, a conviction that has been reinforced by this research. Not that it really needed any reinforcing over and above the simple fact that pretty much every ‘traditional’ anti-spam filter either on the client or server side that I’ve tested in a real world environment has out-performed it in every meaningful way. The FPR figure being the real bottom line here. If you currently are relying upon a Sender ID or SPF bases solution, at the very least I urge you to consider what I’ve written here, and the OnlyMyEmail research, and do some real world testing of your own. If the solution is costing your company more in potential lost business than the problem is in wasted time, well, you don’t need a management consultant to tell you what to do…
This blog entry was written by Davey Winder, staff writer aka happygeek. It has received 1,636 views, 1 comment, and 1 linkback. 1 voter has rated this entry 5 out of 5 stars. It was promoted to featured status Jun 25th, 2006.
•
•
•
•
advertising apple blog business daniweb dell development economy email facebook firefox gaming google government hacking hardware ibm intel internet iphone ipod linux mac malware marketing microsoft mobile mp3 music news open source privacy programming search security server software sony spam stocks technology ubuntu video vista web windows xp yahoo youtube
All Recent Tags Comments (Newest First)
jwenting | duckman | Jun 26th, 2006
•
•
•
•
Given the extremely low penetration of the software in current email clients and servers it's the only likely outcome.
The dataset of the trial is far too small because of that low penetration to be in any way useful, but does show that spammers will use technology designed to spoof them in order to gain apparent legitimacy which is hardly surprising as they've abused everything designed to work against them in the past.
Spammers after all are high tech criminals, and criminals aren't known to play by the rules and behave like good citizens.
The dataset of the trial is far too small because of that low penetration to be in any way useful, but does show that spammers will use technology designed to spoof them in order to gain apparent legitimacy which is hardly surprising as they've abused everything designed to work against them in the past.
Spammers after all are high tech criminals, and criminals aren't known to play by the rules and behave like good citizens.
Post Comment
•
•
•
•
Only community members can start a blog or comment on blog entries. You must register or log in to contribute.
•
•
•
•
•
•
•
•
DaniWeb Tech Talk Marketplace
Related Blog Entries
- Google gives users an insight into search (1 Day Ago)
- Apple fixes iPhone 2.0.1 software to break Pwnage tool (2 Days Ago)
- An Eventful Week for Apple, iPhone (4 Days Ago)
- Faster Firewire, Faster! (5 Days Ago)
- Amazon sells 240,000 Kindles (5 Days Ago)
- Parents have no idea what kids are doing online - shock horror (6 Days Ago)
- The "Mojave Experiment" - My "Microsoft Experience" (7 Days Ago)
- HD Moore gets owned (8 Days Ago)
- Google and Cuil search giants go head to head in DaniWeb testing (10 Days Ago)
- Crystal Ball Sunday #9: Intelligent Control (11 Days Ago)
Related Forum Threads
- cannot open one particular website (Web Browsers)
- Looking for a good Anti-Spam program (Viruses, Spyware and other Nasties)
- Outlook 2007 Beta Anti-Spam (Windows Software)
- need help on Anti Spam tool (Viruses, Spyware and other Nasties)
- Internet Access Stopped Working (Viruses, Spyware and other Nasties)
- C/C++ LAMP Opportunity - Anti-Spam (IT Careers and Business)
- How to handle spam? (Growing an Online Community)
- Help "sell script to send a mail" (Shell Scripting)
- Modem keeps dialling when i open files (Viruses, Spyware and other Nasties)
- hotmail temprily unavailable (Web Browsers)
