• Client Login
  • Contact Us

Categories

    Subscribe

      Want to stay up-to-date on all of the latest news and research from Return Path's email deliverability experts? We'll send 'em as we post 'em. Usually 2-4 posts a week.


      Subscribe to the blog feed:

       

      Subscribe: Email or RSS

       

      Categories: Email Deliverability

      Apr
      07

      Trust in Email Begins with Authentication

      By J.D. Falk
      Director of Product Management, Receiver Products

      Unfortunately, forging From: or other commonly seen email headers is trivially easy. It's one of the most frustrating oversights in the creation of internet email technology -- though of course that's only obvious in hindsight; it was just fine for the pre-internet networks of the late 1970s and early-mid 1980s.

      Since then, things have changed -- and the most interesting recent technological advancements in email have been in the realm of sender authentication, which encompasses ways to verify that the apparent sender of a message actually is the entity which sent it. Before you can answer the question "can I trust this message?," you first have to ask "who sent it?" -- but before authentication, there was often no way to know for sure.

      The first authentication technology to catch the interest of the industry was Meng Wong's SPF, which also formed the basis for Microsoft's SenderID. In parallel, Yahoo! developed DomainKeys, which has now evolved into DomainKeys Identified Mail, or DKIM. All of these are free to use, though some have licensing requirements or patents which may prevent derivative works.

      Having what looks like four entirely different technologies may seem confusing, and marketing tactics from some of the organizations involved certainly haven't helped. Luckily, our friends at the Messaging Anti-Abuse Working Group have published a new white paper, Trust in Email Begins with Authentication, which should help to clarify things. It provides a much-needed substantive overview of the authentication methods and practices currently in use, without inappropriate bias or attempts at coercion.

      We hope that this effort will raise the level of debate within the email industry, and lead to faster adoption of authentication technologies. Sender authentication will not, obviously, solve spam -- it has very little to do with spam, in fact -- but curtailing the bad guys' ability to send messages that look like they're from your bank or other trusted institution will certainly help.


      This article originally appeared on CAUCE.org in a slightly different form. Some CAUCE Board members -- including the author of this article -- contributed to the MAAWG document, and are regular attendees of MAAWG events.

      blog comments powered by Disqus
       
      Products Services Become A Partner   Resources About Us   Sites
      Certification for Senders Deliverability Consulting ESP Partner   Client Case Studies About Us   Client Login
      Certification for ISPs Feedback Loop Management ISP Data Partner   IN The Know Blog Careers   Senderscore.org
      Deliverability Monitoring Tools Reputation Data Network     Research Studies Press Office   Support
      Reputation Network Blacklist Response Consulting     Webinars and Events      

      Privacy  |  Copyright 2010 Return Path, Inc.