Microsoft Data Shows E-Mail Authentication Effective
Adoption of e-mail authentication technologies spikes after November FTC conference.
Adoption of e-mail authentication technologies spikes after November FTC conference.
Over 750,000 domains now publish Sender Policy Framework (SIDF) (define) records, the email identification protocol intended to thrwart spoofing and phishing. That figure is according to a Microsoft study.
This is 12 times the number of domains that published SPF records in November, when the Federal Trade Commission (FTC) held an E-mail Authentication Summit. There, SIDF technology was touted as an effective, but not perfect, weapon in the anti-spam arsenal.
Microsoft’s measurements are based on an analysis of the deployment of SIDF technology on MSN Hotmail’s email service in January and February, which includes 200 million user accounts worldwide, and feedback from many of those customers in the “Hotmail Feedback Loop” program.
“If you look at spam, the challenge is not the message or the content, but who it’s coming from,” said Craig Spiezle, Microsoft’s director of industry and external relations on its Saftety and Technology Team. “You need a system that provides proof and identification, and this has been the drive for adopting SDIF email authentication.”
Spiezle pointed to specific data from the month of February to demonstrate the technology’s performance on the Hotmail system. Microsoft found 31 percent of email could be clearly identified as “clean,” clearly identified with SPF records. This was delivered to end-users. Approximately 7 percent received a “neutral” rating and required further testing; and 27 percent of email traffic had records that were spoofed.
About 35 percent, meanwhile, fell into the “soft fail” category of messages that came from IP addresses not on Microsoft’s lists of authenticated senders.
Microsoft believes the findings validate SDIF’s ability as a first line of defense to filter domain-spoofing spam, while ensuring legitimate email gets through.
“It’s similar to developing a radar system. You want it to be sensitive enough so that it blocks spam flooding people’s inboxes, but not so fine-tuned that it’s confusing flocks of geese with 747s,” Spiezle said. “This data shows SDIF has promise.”