Found some spammers today with SPF records set up


I came across some spam in my inbox today.  This company was pushing pump-and-dump stock spam for a medical company.  I saw that the company passed an SPF check.  That’s odd, I thought.  A spammer passing an SPF check?  So, I decided to check out the SPF records:



dig txt watammatau.com


;; ANSWER SECTION:
watammatau.com.         1800    IN      TXT     “v=spf1 +all


 Sure enough, this spammer has set up a site and complied with SPF; they’ve set up a record simply for the sake of setting up a record.  Not that it helps them or anything, but it looks like they’ve set up a record for the sake of setting up a record.


Comments (4)

  1. Mike says:

    It’s not, "odd." Spammers were the first people to adopt the usage of SPF

  2. Another Mike says:

    Despite this, SPF actually is useful (not as the ONLY tool) if it used PROPERLY. In other words, SPF is good when checking "spamminess" alongside other tools, not just using it as the sole measure of canned-meatness.

    Compare this blog entry:

    http://www.avertlabs.com/research/blog/index.php/2007/09/10/spammers-got-a-free-pass/

  3. Jeff Macdonald says:

    Terry, forward that message to a Hotmail account. I’m curious what it would show.

  4. Ram says:

    Now these spammers are the easiest to catch.

    If SPF passes for a mail and is sure spam. Blacklist the domain.

    Automate the process with some whitelists for gmail,msn etc  and you can block a lot of spam at the gate