Feeds

Sender authentication is coming

A cure for spam? Sadly not

  • alert
  • submit to reddit

Protecting users from Firesheep and other Sidejacking attacks with SSL

Sender authentication will almost certainly become a de facto standard part of the Internet's email infrastructure over the next few years, but it will not stop the spam problem by itself.

Microsoft, in a refreshing break from its usual standards strategy, has merged its Caller ID For Email specification with that of a competing independent project, Sender Policy Framework. The merged spec, now called Sender ID, is going through the Internet Engineering Task Force and is already gaining significant support.

SPF is already supported by tens of thousands of email servers, and Sender ID will be backwards compatible. Some companies are deploying SPF now with that in mind. Some of the biggest email providers in the world, namely AOL, Microsoft, and Yahoo are promoting Sender ID, along with Comcast and EarthLink in the US, and BT in the UK. Sendmail is adding support to its mail transfer agents.

Sender ID is expected to be relatively simple to deploy, requiring little ongoing maintenance. In essence, all you need to do is publish the IP addresses of approved outgoing email MTAs in your domain name records. When your users send email, the recipient can make sure the mail is coming from authorized IP addresses by checking the DNS for the domain in the "From:" field.

The spec is designed to mitigate the problem that a good 95 per cent of spam, not to mention joe-jobs (spam forged to appear as though it came from an innocent party) and email worms, use spoofed From: information to hide their source. Fortunately, it's a lot harder to spoof source IP addresses, although it is possible. Experts point out that if hackers gain the ability to forge IP addresses on a large scale, we'll have bigger problems to worry about than spam.

Sender ID won't solve the spam problem. At first nobody will make an accept/deny filtering decision based purely on the fact that the sender is authenticated, but they will likely use it as a heavily weighted factor to consider during a spam scoring operation.

There are also many legitimate reasons why a good email may originate from an IP address outside the authorized range, mainly to do with remote and traveling workers and mobile devices. It should also be considered that spammers will very probably start to publish their own Sender ID records, meaning the authentication will be pointless. There's also the problem that a compromised MTA could be used to send spam.

While Sender ID will not be a cure-all for spam or worms, it will probably do a good job of reducing the number of phishing attacks. The rate of adoption and support being seen in the industry means it will soon no longer be a question of if it will become the norm, but when.

Source: ComputerWire/Datamonitor

Related stories

Anti-phishing group backs email authentication
Chairman Bill's magic spam cure - a revenue opportunity?
We'll kill spam in two years - Gates

The next step in data security

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.