Speakers at E-Mail Summit Push Authentication, Reputation Tools

By Paul F. Roberts  |  Posted 2005-07-13

Speakers at E-Mail Summit Push Authentication, Reputation Tools

Representatives from 37 e-mail technology companies used a one-day Summit in New York on Tuesday to exhort private sector administrators and online marketers to adopt e-mail sender authentication technology that helps block spam and phishing attacks.

Around 500 people attended the E-Mail Authentication Implementation Summit and heard speeches by Internet luminary Esther Dyson, as well as executives from Microsoft Corp., Yahoo Inc. and the Direct Marketing Association.

With problems like spam and phishing continuing to grow, companies need to implement some form of e-mail authentication technology soon, and begin preparing for the next wave in e-mail security: sender reputation services, according to e-mail experts.

The implicit trust that existed when the Internet was created as a government-sponsored research project has evaporated, Dyson told Summit attendees in a keynote address.

Malicious hackers and organized, online criminal groups are freely exploiting weaknesses in core Internet technology such as e-mail and the Domain Name Service, she said.

With problems like spam and identity theft rampant, the organizations responsible for maintaining the Internet need to introduce "friction" back into Internet transactions that will distinguish friend from foe, she said.

Attendees were treated to in-depth discussions of technologies such as the open source SPF (Sender Policy Framework, Microsofts SIDF (Sender ID Framework) and the new DKIM (DomainKeys Identified Mail).

Executives from Bank of America and NewsCorp talked about their experiences implementing sender authentication technology and the benefits of authenticating outbound and inbound e-mail.

Click here to read more about technology companies submitting a new e-mail authentication standard to the Internet Engineering Task Force for consideration.

Within a year, most companies will have adopted some form of sender authentication technology for their e-mail, putting those companies that dont at a competitive disadvantage, said Erik Johnson, vice president of Email Infrastructure and Secure Messaging at Bank of America.

Corey Null of Principal Financial Group said that his company is a target of phishing attacks and has already implemented SPF for its e-mail domains.

He was at the Summit looking for indications of what further steps leading e-mail players would take to combat problems such as spam and phishing.

Echoing the comments of others at the Summit, Null said that implementing SPF hasnt lessened the companys exposure to phishing attacks, but it has caused Principal to get a better handle on how it sends e-mail.

"We sent a lot of mail through third parties and had no idea who was sending stuff in our name," he said.

Next Page: Setting up sub-domains.

Setting Up Sub


Following the lead of companies such as Bank of America, administrators at Principal set up a series of sub-domains exclusively for sending out e-mail solicitations and consolidated management of those domains within the company, he said.

Representatives from e-mail marketing companies and bulk e-mail senders were also in the crowd at the Summit.

Ed Mnich, post master of Premiere Global Services, a bulk e-mail sender in Tinton Falls, N.J., said that he came to find out the latest information about how the messaging space is likely to evolve in coming months.

For attendees like Mnich, e-mail experts said that an increasing focus on establishing online reputations for senders will be part of that evolution.

In a round-table discussion of Emerging Accreditation and Reputation Solutions, Trevor Hughes, executive director of the Email Service Provider Coalition, said that some kind of reputation scoring has to be implemented, in addition to sender authentication, to protect the integrity of e-mail.

"Sender authentication alone is not enough to protect the entire e-mail ecosystem," Hughes said.

Most leading e-mail providers already use some form of reputation scoring, including Microsoft, which said in June that it selected Habeas Inc. of San Jose, Calif., to provide e-mail accreditation services for The Microsoft Network and MSN Hotmail.

Yahoo doesnt subscribe to reputation services like Habeas, but does use uses a variety of measures to score inbound e-mail, according to Miles Libbey, Anti-Spam Product Manager at Yahoo.

Read more here about Yahoo and Cisco joining forces to promote e-mail authentication.

But large e-mail inbox providers and senders need to be careful not to balkanize the e-mail world by forging exclusive relationships with different e-mail reputation providers, thereby requiring receivers to support multiple, competing reputation services, said Hughes.

Ragy Thomas, Chief Technology Officer at Bigfoot Interactive, an e-mail forwarding company, agreed.

The combination of multiple sender authentication schemes, when coupled with multiple e-mail reputation and accreditation services, could spell big trouble for e-mail senders like Bigfoot, he said.

Reputation and sender authentication services need to be used, together, to verify e-mail messages, but more needs to be done to simplify those technologies, he said.

"From the senders standpoint, we would like to see the [messaging] industry come together faster," he said.

Check out eWEEK.coms for more on IM and other collaboration technologies.

Rocket Fuel