E-mail authentication key to war on spam

E-mail filters have become effective at preserving our in-boxes, creating the illusion that spam has been tamed. But the bulk of spam is growing. MessageLabs said about 70 percent of all e-mail traffic as of this week, and 66 percent this year, was bogus.

Although junk- and malware-laden messages have been pushed out of sight for many computer users, they are not out of mind for those minding e-mail delivery systems, who say tackling the growing problem demands an answer to the simple question: Who’s e-mailing?

That’s what Microsoft and Sendmail say must be answered if businesses are to save e-mail from having its “killer app” status redesignated.

E-mail authentication systems such as Microsoft’s Sender ID systems, modeled after Caller ID for telephones, and Sendmail’s plans for trusted messaging are not new, but the companies are kick-starting their efforts.

This week, Microsoft added its specification to a list of free and open specifications for developers, and on Wednesday, Sendmail outlined the related rollout of its Trusted Unified Messaging Platform.

Sender ID, developed by Microsoft, Sendmail, and others, provides a way for e-mail senders and receivers to authenticate their messages. In the past two years, Microsoft says the technology protects 5 million domains and 600 million users worldwide.

Most ISPs use Sender ID alone or in combination with other e-mail authentication schemes, but developers have been slow to integrate it with antispam solutions, perhaps out of concern about Microsoft’s copyright claims over the technology. Redmond’s decision to include Sender ID with other specifications in its Open Specification Promise program should put those fears to rest.

Sendmail, which says it handles 65 percent of all e-mail, is pushing a broader platform of “trusted messaging” — “clean”, adhering to policy (Sarbanes-Oxley, primarily); secure/encrypted, and authenticated. The company’s platform will work across SMTP, IM, HTTP, out-of-the-box policies, and provide dashboard reporting for security and compliance.

“On average, one-third of a company’s critical business information is stored in the messaging system and potentially at risk,” Sendmail CEO Donald Massaro said.

“While attacks from outside sources, such as spam and viruses continue to rise, our customers are also concerned with protecting sensitive data from leaving the organization in order to protect their brand and comply with increasingly stringent regulatory requirements.”

Sendmail would roll out individual pieces of its platform over coming months, with the aim of having all in place by February of next year, in time for the RSA Security conference, Massaro said

Released Wednesday, the company’s version 2 of its mail filter, or “Milter”, allows users to integrate business rules with message handling characteristics.

Massaro said the standards process for Sender was “really going to ramp up” in the next 12 to 18 months, so the time was right. “All the pieces of the puzzle are there,” Massaro said.

Related Download
Virtualization: For Victory Over IT Complexity Sponsor: HPE
Virtualization: For Victory Over IT Complexity
Download this white paper to learn how to effectively deploy virtualization and create your own high-performance infrastructures
Register Now