Email Authentication Faces Grim Future

Posted by: KillHour

Email Authentication Faces Grim Future - 07/10/05 04:13 AM

ISPs, large enterprises and e-mail security companies are hoping that an industry meeting in New York this week will breathe life into a flagging effort to thwart spam and e-mail viruses through the adoption of e-mail sender authentication technology.

The Email Authentication Implementation Summit will call attention to a smorgasbord of technologies that have emerged in recent years. The summit has the backing of major messaging players, including Microsoft Corp. and Sendmail Inc., as well as the Direct Marketing Association.

But with data from Microsoft showing only modest adoption of e-mail sender authentication by enterprises in the past year and a confusing array of open and proprietary technologies to choose from, some e-mail experts say that the future of e-mail sender authentication is cloudy.

The meeting comes amid growing alarm within the business community about the corrosive effects of spam, phishing and e-mail-borne viruses, as well as consternation over the panoply of IP-based verification methods, including the open-source SPF (Sender Policy Framework), Microsoft-backed SIDF (Sender ID Framework) and signature-based approaches such as a joint Yahoo Inc. and Cisco Systems Inc. technology called DomainKeys Identified Mail.

SPF and SIDF make it harder to fake the origin of e-mail messages. DomainKeys allows e-mail senders to digitally sign messages so that recipients can verify the message content and origin.

Still, only about 25 percent of e-mail that makes it into in-boxes at the MSN Hotmail service comes from Internet domains that have published SPF records, said Craig Spiezle, director of industry relations and business strategy at Microsoft's Safety Technology and Strategy Group, in Redmond, Wash.

"Is that a good number? I wish it was higher," Spiezle said.

Adoption of authentication technologies has been hampered by confusion over the competing authentication schemes from Microsoft, Yahoo and Cisco, as well as open-source alternatives such as SPF, experts agree.

"There's been a considerable amount of confusion in the marketplace about standards, and that has led to some folks sitting on the sidelines," said Louis Mastria, vice president of communications at the DMA, a New York trade association that represents 5,200 marketers worldwide.

Despite the confusion among enterprises and even vendors, however, all involved parties agree that something must be done to cleanse e-mail traffic.

Source