* Weighing e-mail domain authentication
Domain authentication has been touted as a valuable tool in the fight against spam. In theory, if a sender’s IP address has been authenticated, that is supposed to be a good indicator of the validity of the messages received from that source. However, in practice, authentication has turned out to be far less reliable for a couple of reasons.
First, spammers are among the heaviest users of authentication. For example, MX Logic analyzed a sample of 19 million unique e-mail messages sent from July 17 through July 23. Among senders that had published a Sender Policy Framework (SPF) record for their domain, 83% of the messages were from domains that send spam. Among those domains that had published SenderID records, 82% of the e-mail messages were from domains that send spam.
It’s almost as if receipt of an e-mail message from an authenticated domain is more of an indicator that the source is a spammer rather than a valid sender.
Second, only a very small percentage of domain owners have authenticated their domains using SPF, SenderID, DomainKeys Identified Mail (DKIM) or some other authentication scheme. Of the 82.9 million domain names that had been registered worldwide through the second quarter of 2005, fewer than one-tenth of 1% of these domains had been authenticated. In the MX Logic sample discussed above, only 9% of the e-mail messages were from domains that had an SPF record, and only 0.15% had a SenderID record.
None of this is to imply that authentication is dead or dying. I believe that authentication will be a valuable tool that will help organizations to manage e-mail more effectively. However, other techniques and technologies will be more valuable than authentication and will do more to eliminate the impact of spam.




