Feeds

Sender authentication is coming

A cure for spam? Sadly not

  • alert
  • submit to reddit

5 things you didn’t know about cloud backup

Sender authentication will almost certainly become a de facto standard part of the Internet's email infrastructure over the next few years, but it will not stop the spam problem by itself.

Microsoft, in a refreshing break from its usual standards strategy, has merged its Caller ID For Email specification with that of a competing independent project, Sender Policy Framework. The merged spec, now called Sender ID, is going through the Internet Engineering Task Force and is already gaining significant support.

SPF is already supported by tens of thousands of email servers, and Sender ID will be backwards compatible. Some companies are deploying SPF now with that in mind. Some of the biggest email providers in the world, namely AOL, Microsoft, and Yahoo are promoting Sender ID, along with Comcast and EarthLink in the US, and BT in the UK. Sendmail is adding support to its mail transfer agents.

Sender ID is expected to be relatively simple to deploy, requiring little ongoing maintenance. In essence, all you need to do is publish the IP addresses of approved outgoing email MTAs in your domain name records. When your users send email, the recipient can make sure the mail is coming from authorized IP addresses by checking the DNS for the domain in the "From:" field.

The spec is designed to mitigate the problem that a good 95 per cent of spam, not to mention joe-jobs (spam forged to appear as though it came from an innocent party) and email worms, use spoofed From: information to hide their source. Fortunately, it's a lot harder to spoof source IP addresses, although it is possible. Experts point out that if hackers gain the ability to forge IP addresses on a large scale, we'll have bigger problems to worry about than spam.

Sender ID won't solve the spam problem. At first nobody will make an accept/deny filtering decision based purely on the fact that the sender is authenticated, but they will likely use it as a heavily weighted factor to consider during a spam scoring operation.

There are also many legitimate reasons why a good email may originate from an IP address outside the authorized range, mainly to do with remote and traveling workers and mobile devices. It should also be considered that spammers will very probably start to publish their own Sender ID records, meaning the authentication will be pointless. There's also the problem that a compromised MTA could be used to send spam.

While Sender ID will not be a cure-all for spam or worms, it will probably do a good job of reducing the number of phishing attacks. The rate of adoption and support being seen in the industry means it will soon no longer be a question of if it will become the norm, but when.

Source: ComputerWire/Datamonitor

Related stories

Anti-phishing group backs email authentication
Chairman Bill's magic spam cure - a revenue opportunity?
We'll kill spam in two years - Gates

5 things you didn’t know about cloud backup

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?