Bad karma surrounds e-mail authentication plans


"One of the big mistakes in authentication was too many cooks in the kitchen," Wong said.

The industry managed to boil SPF, Caller ID, DomainKeys and IIM down to just two authentication schemes: Sender ID and DomainKeys Identified Mail, or DKIM, Wong said.

But the next stage in the evolution of e-mail messaging -- mail reputation and accreditation -- is even more complicated, with vendor-backed services such as Bonded Sender, Habeas, Goodmail, TrustE, SenderBase, Spamhaus, Spamcop, SenderIndex and SenderScore providing overlapping services and, in some cases, competing with one another.

The result is that enterprise IT staff are overwhelmed with options, but have little guidance about how to assemble a working solution that will spot and block fraudulent spam messages, Wong said.

"We need to build The Reputation Store where folks can just go in and buy what they want," Wong said.

At Principal Financial Services in Des Moines, Iowa, Corey Null said he passed on the Summit this year, after attending the inaugural show in New York City last April.

"The issue kind of dropped off for us," Null said.

Principal implemented SPF in August 2004 to sign outbound mail from the company's servers and uses an anti-spam appliance from IronPort. That company's SenderBase reputation service checks for SPF records on inbound mail, he said. In January, Principal began authenticating outbound e-mail using the DKIM technology.

In general, the new authentication technology has been introduced and deployed without incident, though Principal has had some legitimate e-mail rejected by "mom and pop" companies using low-end or freeware anti-spam tools that are unable to match the e-mail's DKIM signature, Null said.

That said, the new layers of message authentication haven't put a dent in the volume of spam Principal gets, Null said.

"We haven't seen on our inbound side (spam volume) decrease any over the past few years," he said.

Spam is 92 percent of Principal's inbound mail, and that's after most inbound e-mail attempts are dropped because they don't pass the SenderBase reputation check. The real percentage of spam is probably up over 95 percent, Null said.

But the debate over e-mail authentication and reputation seems to him to have stalled.

"There doesn't seem to be any new advancement in the standards. The same questions seem to persist: [mail] forwarding and news groups, mass mailers and things like that, but there's no new solution around them," he said.

Happy with the service IronPort provides, Null said he has "moved on."

"I keep reading all documents. Whatever new standard comes out, I'll look at it," he said.

Wong agrees. His open source SPF standard took off quickly after he introduced it in 2003, even getting adopted by major ISPs like AOL. Now he plans to launch a new company to make sense of the complexity around e-mail authentication.

His new company, Karmasphere, will be an open-reputation network that will simplify and enable the reputation industry, he said.

"When you go to a restaurant, the meal you eat may have thirty different ingredients, from soup to nuts, but you don't worry about that; you just say, 'I'd like the Set Lunch, Combo A, please,' and everything just happens," he said. "We're trying to create that same level of convenience."


InfoWorld: For more enterprise computing news, visit Infoworld.com. Copyright © 2006 InfoWorld Media Group, Inc.


