Speakers at E-Mail Summit Push Authentication, Reputation Tools

Spam and phishing are increasingly troublesome, and companies must implement safeguards, analysts say.

Representatives from 37 e-mail technology companies used a one-day Summit in New York on Tuesday to exhort private sector administrators and online marketers to adopt e-mail sender authentication technology that helps block spam and phishing attacks.

Around 500 people attended the E-Mail Authentication Implementation Summit and heard speeches by Internet luminary Esther Dyson, as well as executives from Microsoft Corp., Yahoo Inc. and the Direct Marketing Association.

With problems like spam and phishing continuing to grow, companies need to implement some form of e-mail authentication technology soon, and begin preparing for the next wave in e-mail security: sender reputation services, according to e-mail experts.

The implicit trust that existed when the Internet was created as a government-sponsored research project has evaporated, Dyson told Summit attendees in a keynote address.

Malicious hackers and organized, online criminal groups are freely exploiting weaknesses in core Internet technology such as e-mail and the Domain Name Service, she said.

With problems like spam and identity theft rampant, the organizations responsible for maintaining the Internet need to introduce "friction" back into Internet transactions that will distinguish friend from foe, she said.

Attendees were treated to in-depth discussions of technologies such as the open source SPF (Sender Policy Framework, Microsofts SIDF (Sender ID Framework) and the new DKIM (DomainKeys Identified Mail).

Executives from Bank of America and NewsCorp talked about their experiences implementing sender authentication technology and the benefits of authenticating outbound and inbound e-mail.

/zimages/2/28571.gifClick here to read more about technology companies submitting a new e-mail authentication standard to the Internet Engineering Task Force for consideration.

Within a year, most companies will have adopted some form of sender authentication technology for their e-mail, putting those companies that dont at a competitive disadvantage, said Erik Johnson, vice president of Email Infrastructure and Secure Messaging at Bank of America.

Corey Null of Principal Financial Group said that his company is a target of phishing attacks and has already implemented SPF for its e-mail domains.

He was at the Summit looking for indications of what further steps leading e-mail players would take to combat problems such as spam and phishing.

Echoing the comments of others at the Summit, Null said that implementing SPF hasnt lessened the companys exposure to phishing attacks, but it has caused Principal to get a better handle on how it sends e-mail.

"We sent a lot of mail through third parties and had no idea who was sending stuff in our name," he said.

Next Page: Setting up sub-domains.