“Spammers have started publishing their own Sender ID records, allowing their email to speed through anti-spam filters, according to this IDG News Service article.
Sender ID works by providing out-of-band notification of what IP addresses are authorized to originate email for each domain. So what the spammers have done is sign up for $5 domains, published records saying that their machines are authorized, and then they send away.”
In the Infoworld article, Paul Judge, chief technology officer at CipherTrust says that problem is that spammers have been faster to adopt the technology than legitimate e-mail senders.
Meng Weng Wong (co-authored of both the SPF and Sender ID standards) argues SPF nor Sender ID was never intended to stop spam:
“The technology is merely a way to stop one loophole spammers use: source address spoofing. Evidence that spammers are publishing SPF records is a good sign…
Spammers are buying into a future that will wipe them out…
In theory, when all spammers are forced to publish SPF records, along with all legitimate e-mail senders, it will be easy for legitimate companies to develop e-mail reputations for Internet domains that do and do not send spam
…In the past, we assumed all e-mail was good and tried to filter out the bad stuff. In the future, we’ll assume all e-mail is bad, and filter in the good stuff. It’s a lot easier.”
So where are with Sender ID today? John Hogan at SearchWin2000 sums up the current situation.
“The open source community’s mistrust of Microsoft cuts so deep, it appears that nothing will be able to heal the wound. Not even a royalty-free protocol to help fight spam.
Currently winding its way through the standards process at the Internet Engineering Task Force, Sender ID took a slap to the face late last week when the Apache Software Foundation issued a statement that it would not support the protocol because of intellectual property concerns. The Debian project, a fellow open source organization
Apparently, the terms of the free Sender ID license are agreeable to the likes of America Online, IronPort and about 50 companies — including DoubleClick — that are part of the Email Service Provider Coalition. Yet open source proponents are adamant that the license terms are a bad deal and are against everything they stand for.
…some technology analysts say Sender ID will likely be widely adopted, even if open source doesn’t back it.”
This last sentiment is echoed by some analysts, according to Margie Semilof.
“Analysts said it doesn’t really matter whether these organizations are on board because Sender ID will be adopted anyway, and it will happen quickly. “If IBM, Microsoft and Sendmail are using it, then it’s less of an issue,” said Mark Leavitt, a research analyst at International Data Corp., a Framingham, Mass.-based market research firm….
“If [open source contingents] don’t support [Sender ID] it won’t cripple the fight against spam,” Leavitt said. “Sender ID won’t solve the fight against spam either.”
Other analysts agreed. “This thing will be adopted and major ISPs will run it — and that’s where it will have the most effect,” said Jonathan Penn, a principal analyst at Forrester Research, in Cambridge, Mass.”
“If Apache doesn’t want to implement it, fine. People will just go somewhere else.” “
Anyway, I don’t get spam, I use RSS ;-).