Using Corporate Logos to Beat ID Theft

When it comes to identity theft, a picture is worth a thousand words, according to executives at e-mail authentication startup Iconix.

When it comes to identity theft, a picture is worth a thousand words, according to executives at e-mail authentication startup Iconix Inc., which launched last week.

The Mountain View, Calif., companys technology uses corporate logos to distinguish legitimate e-mail messages from those that fake, or spoof, their origin. Iconix is preparing to announce its first product next quarter, said company officials.

In contrast to anti-spam and anti-phishing technologies that use filtering and blocking to stop unwanted e-mail, Iconix hopes to use images to make legitimate e-mail stand out from junk messages, allowing recipients to quickly and intuitively identify real correspondence.

The new technology is meant to positively identify legitimate senders and then let end users take whatever action they choose.

The product is based on an "industry standard" e-mail authentication architecture similar to Microsoft Corp.s Caller ID, though Iconix officials declined to say which architecture the company based its technology on.

A software plug-in that integrates with leading e-mail clients such as Microsoft Outlook communicates with an e-mail server component, verifying the sources of received e-mail messages.

When an e-mail message sent from an Iconix customer domain passes the companys authentication checks, the plug-in displays a corporate logo or other designated graphic in the "From" field, where the senders address would ordinarily appear.

The service allows e-mail recipients to distinguish legitimate from illegitimate senders at a glance and discourages scams such as phishing attacks, which use spoofed e-mail to impersonate legitimate companies.

The Iconix service is free to consumers, who will have to obtain a copy of the Iconix plug-in to participate.

But, Iconix will sell its services to large companies that want to discourage fraudulent use of their company name.

Recipients can drill down into e-mail messages and check additional authentication information, such as a senders digital certificate, in addition to the logo, Iconix officials said.

Behind the scenes, Iconix staff and business partners will be vetting customers to make sure they are legally registered companies with recognizable company or brand logos.

The new Iconix product will vouch for the source of e-mail messages, but the technology will not look at the underlying content of the e-mail message to check file attachments that may hold viruses, malicious hyperlinks or other unwanted content.

Organizations that are interested in the service will have to wait, also. Iconix will launch a beta program next month.


Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.