Software // Enterprise Applications
01:58 PM
Connect Directly

E-Mail-Authentication Problems Spawn New Apps

Port25 has released a new version of its PowerMTA, geared to address E-mail-authentication specs and accreditation services.

While America Online, Microsoft, and the open-source community agree to disagree about E-mail-authentication standards, some companies are stepping up to bridge the divide.

Port25 Solutions Inc., a maker of E-mail gateway software for legitimate commercial mail senders, has released a new version of PowerMTA, geared to address E-mail-authentication specs and accreditation services, along with E-mail fraud, message delivery, and sender reputation.

Bill Karpovich, senior VP of marketing at Port25, says the company is the first with outbound support for both Microsoft's Sender ID and Yahoo Inc.'s DomainKeys, two leading E-mail-authentication schemes.

Outbound support will become increasingly significant for commercial E-mail senders as major Internet service providers and E-mail service companies more closely scrutinize incoming E-mail for authentication data. Failure to support message-authentication specs will begin curbing delivery rates.

"As evidenced by everyone's announcements over the past couple of weeks," Karpovich says, referring to statements made for and against Sender ID, "there're going to be different standards."

Port25 is offering to deal with the headaches created by a lack of standards. "All that complexity is what we are going to encapsulate," he says.

Other companies are pursuing similar goals. IronPort Systems Inc., a competing E-mail infrastructure vendor, disclosed its intent to support Sender ID in August and has been working with Yahoo as well.

"Domain authentication proposals like SPF [Sender Policy Framework] provide a critical building block in solving the E-mail-security crisis but aren't useful today without reputation and policy systems," Craig Taylor, VP of technology at IronPort, writes via E-mail. "This is demonstrated by the fact that while there are lots of senders publishing SPF records today, only a few brave E-mail receivers reject or accept mail based on SPF alone."

Sendmail Inc., another enterprise E-mail company, released the first implementation of the Sender ID spec at the end of August as an open-source plug-in to the sendmail MTA, the most popular E-mail-routing software. The company has been testing DomainKeys and has already released a DomainKeys mail filter for checking inbound E-mail compliance.

A Microsoft spokesman notes that while Sender ID has had a tough week, he expects that the week to come will bring a revised authentication specification from the Internet Engineering Task Force, one that reconciles both the standards Microsoft advocates and those favored by the open-source community.

The rift over Sender ID may shift more attention to Yahoo's DomainKeys proposal, which many in the industry see as a stronger authentication system. DomainKeys uses a cryptographic digital header to verify the sender and, unlike Sender ID, the integrity of the message content.

Despite disagreements about authentication standards, pretty much every commercial enterprise on the Internet concurs that something needs to be done to address domain spoofing and phishing.

Research firm Gartner puts the cost of E-mail fraud to U.S. banks and credit companies at $1.2 billion last year, to say nothing of the cost to consumers in terms of time, money, and aggravation. While authentication won't put an end to fraud, experts see it as a necessary step to address the rampant misuse of the Internet.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of October 9, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll