The ease of purchasing domains, SSL certificates and now Sender Policy Framework (SPF) records under false identification is ridiculously easy and seems to erode, not enhance anti-spam and anti-fraud efforts. Users who look for certificates, "locks" on their browser, use SPF as a filter will be sadly educated as frauds are perpetrated using the so-called authentication assurance methods touted by technology providers.
Quote from article:
Based on a sample of 400,000 spam messages, MX Logic found that 16% had published SPF records. Scott Chasin, the company's chief technology officer, says this isn't unexpected. "The fact is that anybody can go out and purchase a $5 domain name and publish an SPF record," he says. "If you could publish your own credit report, how many folks out there would actually trust that?"
End quote
Article at
»
www.informationweek.com/story/sh···47102042