Trying to keep some kind of control over the ever-increasing flood of spam email that assaults email servers is a constant battle for email professionals. Whether the spam consists of advertisements for unneeded products and services, come-ons by fake mortgage lenders, shady offers for prescription pharmaceuticals, or outright pornography, the goal of email administrators is to keep all of this junk out of their users' Inbox. The main problem is the classic one of the Dutch boy and the dike: All we can do is try to cover the holes. IT doesn’t own the dike or the huge body of water behind it, and although that water is critical to life, filtering out the pollutants has become a full-time job.
The situation with spam has resulted in a major push for email-server vendors to take up the cause of authenticated email. An authenticated email system authenticates each piece of mail in a way that prevents (or rather, identifies) the spoofing of email headers. Because at least 99.9% of email with unverifiable information in the header fields is spam, an automated mechanism that authenticates message header information would cut down the amount of spam traffic exponentially.
In the Microsoft world, the key mechanism for message authentication is the Sender ID Framework (SIDF). Combining Microsoft’s Caller ID for Email technology and the Sender Policy Framework (developed by POBox.com’s CTO Meng Weng Wong), the first step in Sender ID's authentication process is validating the IP address of the server that sends an email message. Although sender authentication isn't a complete spam solution, it could be a significant aid in stopping phishing attacks. Phishers have become very sophisticated, and in many of the phishing emails I've seen, only a single IP address in the complete header information is a giveaway that the message is a con. Currently, the only way to stop a phishing attack is for potential victims to recognize the attack for what it is and delete the email message. Sender ID could eliminate phisher emails from entering a user's Inbox, eliminating the chance that the user would fall for a well-crafted attack. . . .
Register
