PostX Is Poised to Foil Phishing Attacks

PostX is expanding its secure e-mail delivery technology into a system for verifying e-mail and preventing phishing.

SAN FRANCISCO—PostX Corp. plans to expand its secure e-mail delivery technology into a system for verifying e-mail and preventing so-called "phishing" attacks.

The Cupertino, Calif., company also joined with the Business Software Alliance, Microsoft Corp., RSA Security, VeriSign Inc. and others in the Coalition on Online Identity Theft, a consortium organized last September by the Information Technology Association of America to fight identity theft.

PostXs product, called Trusted Dialog, will provide a server- and client-side combination to prevent phishing, or the use of seemingly authentic e-mails to lure unsuspecting recipients into revealing personal information. However, company executives declined to indemnify clients or guarantee the product, which will be priced and made available early in the second quarter.

"Customers have begun bringing this to our attention for almost two years as a top concern," said Scott Olechowski, vice president of products and strategy at PostX, in a press conference at the RSA Conference here on Wednesday. "The number of scams and their effectiveness has been increasing as well. And we think the next effect of this is to erode trust in the e-mail channel."

Olechowski said there is no need to revamp the e-mail system, as Microsoft chairman Bill Gates intimated in a speech on Tuesday. Anti-spam measures fail to protect the enterprise customer sending the mail, he said, and innovations like S/MIME dont work with some common e-mail systems, like AOL and Microsofts Hotmail.

Instead, PostX will offer a system whereby companies will be able to sign e-mails they send to clients and customers using an identifying hash. Users will be able to download a helper application, providing browser-level access to the PostX risk assessments, which will be flagged with red, yellow or green indicators. All three levels will permit e-mails to be passed, but yellow- and red-flagged e-mails will come with warnings that the e-mail may be fraudulent. The client application will probably be contained within a browser toolbar, Olechowski said, similar to the toolbars from Google and Yahoo that provide integrated search and other functions.

Enterprise customers will probably be charged on a per-CPU basis for Trusted Dialog, Olechowski said. The client application will be free. PostXs customers include JPMorgan Chase, Charles Schwab, ABN Amro, the Mayo Clinic and Childrens Hospitals, the company said.