Researchers at Symantec have noticed that the Sender Policy Framework (SPF), which is an email validation system designed to prevent email spam, is being used by a new trojan, dubbed Spachanel. Ironically, the bug is used to hijack a web browser to serve up spam pop-ups.