identities of email senders
Unfortunately, the attention surrounding these laptop incidents has shifted focus away from a very real threat -- the increasing severity of spam, deceptive e-mail and phishing exploits that truly are intended to garner personal information and use it for illicit purposes. It would be a real shame if people began to lower their guard when confronted with a phishing attack, in the mistaken belief that nothing bad would really happen if they were to disclose personal information, such as online banking username-password combinations, to the wrong entity.

Phishing and Forged Sender Names

Phishing is certainly not on the wane. According to the Email Sender & Provider Coalition, a group founded in 2003 to fight spam while protecting the delivery of legitimate e-mail, 95 percent of all phishing attacks come via e-mail with a forged sender name. That e-mail will have a link to a fraudulent Web site where the unsuspecting user will be lured into entering sensitive information.

It is not terribly difficult for an evildoer to masquerade as a legitimate business: deceptive domain registrations, look-alike domains, misspellings, domain squatting -- some estimate that there are over 500,000 domains that have been registered solely for the purpose of sending deceptive e-mail.

The impact on individuals seems to be clear: According to a Gartner (NYSE: IT) report in May 2005, phishing and online attacks are causing a dip in consumer confidence, and cost us almost a billion dollars over a 12-month period. Adoption and use of online bill paying, e-commerce and online banking are falling.

However, the impact to the organizations being spoofed is just as great. Not only is a great method of communicating with their customers -- e-mail -- being rendered ineffective, but their very brand is being attacked.
They are placed squarely in the middle of a crisis in confidence in electronic messaging and e-commerce. It stands to reason that finding a solution will necessarily involve legitimate senders themselves.

Trustworthy Messaging

Much work has been done with regard to figuring out who really sent a message, and whether or not the party is worthy of our trust. Such trust is based on both the authentication and the reputation of the sender.

The first step toward developing a system of trustworthy messaging is to confirm the identity of the real sender. There are several complementary standards in place today to do just that, known as "authenticated e-mail." This is not e-mail authentication, which requires an individual to provide proof of identity before sending or opening a message. Rather, it refers to confirming the actual domain from which the e-mail is being sent. That information, coupled with step two, building a good reputation for that domain, can lead to improved deliverability and differentiation.

The two front-runners are SIDF and DKIM. SIDF (Sender ID Framework) calls for the sender to publish acceptable message paths for the domain. The recipient then checks to make sure that the e-mail actually came from the domain. This is known as "path-based" authenticated e-mail, and while it sounds simple, it has not proven to be so. Large organizations with complex e-mail systems may find that publishing a list of acceptable paths is close to impossible. In addition, SIDF has problems with forwarding and multiple-hop messages.
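
The path-based check described above, as an added example that is not part of the original article or of any SIDF implementation: a recipient compares the connecting server's address with the paths a domain has published. The domains, addresses and published record are constructed, and the example assumes a forwarder that relays the message unchanged, so the domain being checked is still the original sender's.

```python
import ipaddress

# Constructed record for the hypothetical domain bank.example. "spf2.0/pra"
# is the Sender ID version tag; the addresses are documentation ranges.
PUBLISHED = {
    "bank.example": "spf2.0/pra ip4:192.0.2.0/24 ip4:198.51.100.25 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_path(domain, connecting_ip, records=PUBLISHED):
    """Verdict for mail claiming `domain`, arriving from `connecting_ip`.

    Simplified: only ip4 and all are evaluated; a full evaluator also
    resolves a, mx, include and redirect through DNS.
    """
    record = records.get(domain)
    if record is None:
        return "none"  # the domain publishes no acceptable paths
    version, *terms = record.split()
    if not version.startswith("spf2.0/"):
        return "none"
    ip = ipaddress.ip_address(connecting_ip)
    for term in terms:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if not term.startswith("ip4:"):
            return "permerror"  # mechanism this example does not handle
        if ip in ipaddress.ip_network(term[4:], strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all"


def demo():
    """Same purported sender, four delivery paths (all constructed)."""
    return {
        "direct": check_path("bank.example", "192.0.2.17"),
        # A forwarder relaying the message unchanged connects from its own IP.
        "forwarded": check_path("bank.example", "203.0.113.8"),
        "forged": check_path("bank.example", "203.0.113.200"),
        "unpublished": check_path("shop.example", "192.0.2.17"),
    }


if __name__ == "__main__":
    for path, verdict in demo().items():
        print(f"{path:12} {verdict}")
```

The forwarded and forged cases get the same verdict, which is the forwarding problem in concrete form: the recipient sees only an unlisted address and cannot tell a legitimate relay from an impostor.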