Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

Found some spammers today with SPF records set up

Found some spammers today with SPF records set up

  • Comments 4

I came across some spam in my inbox today.  This company was pushing pump-and-dump stock spam for a medical company.  I saw that the company passed an SPF check.  That's odd, I thought.  A spammer passing an SPF check?  So, I decided to check out the SPF records:

dig txt watammatau.com

;; ANSWER SECTION:
watammatau.com.         1800    IN      TXT     "v=spf1 +all

 Sure enough, this spammer has set up a site and complied with SPF; they've set up a record simply for the sake of setting up a record.  Not that it helps them or anything, but it looks like they've set up a record for the sake of setting up a record.

Leave a Comment
  • Please add 6 and 3 and type the answer here:
  • Post
  • It's not, "odd." Spammers were the first people to adopt the usage of SPF

  • Despite this, SPF actually is useful (not as the ONLY tool) if it used PROPERLY. In other words, SPF is good when checking "spamminess" alongside other tools, not just using it as the sole measure of canned-meatness.

    Compare this blog entry:

    http://www.avertlabs.com/research/blog/index.php/2007/09/10/spammers-got-a-free-pass/

  • Terry, forward that message to a Hotmail account. I'm curious what it would show.

  • Now these spammers are the easiest to catch.

    If SPF passes for a mail and is sure spam. Blacklist the domain.

    Automate the process with some whitelists for gmail,msn etc  and you can block a lot of spam at the gate

Page 1 of 1 (4 items)