The robustness of new email identification standards presented at Virus Bulletin 2008

by Patrik Ostrihon (Comdom software)


Summary: Vulnerabilities in email protocols allow spammers to readily hide their true identities. This has motivated a number of
proposals to adopt new standards for authenticating messages. Sender Policy Framework (SPF) and DomainKeys Identified Mail
(DKIM) represent two such proposals. Both mechanisms are nevertheless open to abuse by spammers. This paper analyses how
spammers exploit SPF and DKIM to hide their true origins and send large volumes of advertisements, or more pernicious
content, from compromised networks.

SPF provides domain owners with a range of rules for identifying who is authorized to use the particular domain name as a
sender origin. These rules range from the very simple, such as elementary IP address listings, to complex rule-set
definitions. With improper configuration of rules, spammers can misuse the settings, infiltrate a domain unrecognized,
and send spam from that system. DKIM utilizes an electronic signature mechanism instead, but is also vulnerable to
spamming techniques aiming to infiltrate and misguide the mechanism. The analysis shows that neither approach credibly
constrains the ability of spammers to cloak their identities and will only serve as complements to statistical content