At present spammers commonly disguise the origin of their messages by replacing the sender addresses in their e-mail with someone else's domain name. This is called "domain spoofing", and can be countered by software that authenticates senders on the basis of their IP (Internet Protocol) address.
One such authentication tool is the newly launched protocol known as the Sender Policy Framework (SPF) but, according to CipherTrust, the technique permits 34% more spam than legitimate e-mail to pass through to the recipient.
The firm assessed e-mail being sent to and from companies using IronMail, CipherTrust's security appliance, and found that the SPF could not effectively identify spam, but did prevent spoofing and phishing attacks.
This was, said CipherTrust, because spammers are now registering their SPF records, and no longer spoofing their e-mail domains. Such spam cannot be detected by the protocol, and passes straight through.
"These protocols alone are not effective in identifying spam because spammers are doing what they always have, adapting in order to circumvent measures aimed at stopping spam," said Paul Judge, chief technology officer at CipherTrust, according to the BBC.
Elsewhere, the owner of a company that sells a spoof telephone Caller ID service has put his business up for sale only three days after its launch, citing threats and harassment.
Intended to target debt collectors and private detectives, Star38.com offered a means of hiding the true identity of a telephone caller, and was an attempt at commercialising technology that up to now has been the preserve of software developers and hackers.
"Some people," the firm's founder, Jason Jepson, told The New York Times, "are pretty fired up about this."