Spam Battle Moving to Authentication

By Dennis Callaghan  |  Posted 2004-05-28

Spam Battle Moving to Authentication

Enterprises will be getting new tools to combat the intractable spam problem as e-mail server software developers and third-party software tools embrace efforts to authenticate e-mail senders at the gateway to block both spam and viruses.

Microsoft Corp. made a number of announcements surrounding spam-blocking technologies for its Exchange messaging server at its TechEd conference in San Diego this week.

Service Pack 1 for Exchange 2003 contains the Microsoft Exchange Intelligent Message Filter (IMF)—which uses the SmartScreen heuristics-based content-filtering technology deployed at Microsofts MSN and Hotmail services—as another tool to screen out spam messages based on content.

But perhaps more importantly, Microsoft announced at the show that its Caller ID for E-mail proposal will be merged with the vendor-independent Sender Policy Framework (SPF) specification.

Both efforts are designed to make improvements in SMTP to prevent spammers from "spoofing," or forging legitimate e-mail addresses as the return addresses of their messages.

The merged specification will likely be published and submitted to the Internet Engineering Task Force by June and then included in Exchange Edge Services—an enhancement to the SMTP relay in Exchange Server that is planned for release next year.

Another technology to improve SMTP authentication, Yahoo Inc.s DomainKeys, may also join the effort at some point.

Meng Weng Wong, chief technology officer of e-mail forwarding service and leader of the group behind SPF, said DomainKeys needs more infrastructure upgrades before it can join the SPF/Caller ID effort.

"We dont want to bite off more than we can chew at this point," he said in Philadelphia. "I am working with Yahoo to define a DomainKeys directive inside the SPF language, though, which will help them a lot when theyre more ready to deploy."

Yahoo officials did not respond to requests for comment.

IBMs Lotus Software division, one of the top two developers of corporate e-mail software along with Microsoft, said it applauds the Caller ID/SPF union and plans to lend its support to the effort.

"We had urged the Caller ID and SPF people to merge their efforts," said Michael Shamrell, spokesman for the Lotus division. "Theres no reason we wont support the merged spec as soon as it stabilizes. It seems to have the backing of our development teams."

Next Page: Safelists based on IP address and presolved puzzle validity.

Safelists and Puzzles

Exchange Edge Services also will include support for managing safelists based on IP address and presolved puzzle validity—a technology known as Penny Black in the Microsoft research labs—that would require sending servers to solve complex computational puzzles for each e-mail they send out, with the idea that mass e-mailers would not have the computing power to solve the puzzles.

Microsoft also will look to provide technology that detects spam based on e-mail traffic analysis, according to Kim Akers, senior director in Microsofts Exchange group, though Akers said how Exchange would support those technologies has yet to be determined.

"These are technologies we have in development," Akers said. "Were taking the basic concept and figuring out how to implement them."

Chris Flowers, IT engineering manager at Graphic Packaging Corp., an Exchange 2003 customer in Marietta, Ga., said spam now accounts for one-half to two-thirds of the e-mail traffic his company receives.

Flowers said he blames flaws in the Internet, not in Exchange, for spam, but said he welcomes Microsofts latest efforts to curtail it.

"We will evaluate the effectiveness of the new spam-fighting solution in conjunction with our evaluation of third-party products," Flowers said. "If it is an effective tool, it will make Exchange a very powerful e-mail package in comparison to many others on the market."

For more collaboration coverage, check out Steve Gillmors Blogosphere.

Flowers said he expects that third-party vendors still will have a role to play in blocking spam even if Microsofts current and future anti-spam initiatives are successful.

"Something that is built into the Exchange system will most likely not be as flexible and updatable as a third-party solution," he said. "As spammers get more creative, we will have to see how well the built-in Exchange spam filtering keeps up."

Other moves in the industry indicate that anti-virus and anti-spam technologies are coalescing around e-mail authentication at the gateway.

Anti-virus software developer Symantec Inc. acquired anti-spam developer Brightmail Inc. earlier this month. The companies had already had a close relationship.

And last week, e-mail server and security appliance developer Mirapoint Inc. added the MailHurdle spam blocker to its Full-Spectrum e-mail security technology. The spam blocker works at the SMTP layer to track activity thats unusual or noncompliant with established Internet rules. It alerts administrators or blocks SMTP connections when such activity is detected.

For insights on security coverage around the Web, check out Security Center Editor Larry Seltzers Weblog.

E-mail server developer Rockliffe Systems Inc. is planning support for SPF, Caller-ID for E-mail and DomainKeys in upcoming versions of its MailSite server and gateway products, due to be released this summer.

"E-mail authentication has the potential to mitigate spam, virus propagation and phishing," said Jeff Smith, CEO of e-mail security firm Tumbleweed Communications Corp., in Redwood City, Calif.

"E-mail authentication, including support for such standards as SPF, DomainKeys, and S-Mime, will become more pervasive as a defense against all e-mail threats to the network," he said.

Check out eWEEK.coms Messaging & Collaboration Center at for more on IM and other collaboration technologies.

Be sure to add our messaging and collaboration news feed to your RSS newsreader or My Yahoo page

Rocket Fuel