E-Mail-Authentication Problems Spawn New Apps - InformationWeek
Software // Enterprise Applications
01:58 PM
Connect Directly

E-Mail-Authentication Problems Spawn New Apps

Port25 has released a new version of its PowerMTA, geared to address E-mail-authentication specs and accreditation services.

While America Online, Microsoft, and the open-source community agree to disagree about E-mail-authentication standards, some companies are stepping up to bridge the divide.

Port25 Solutions Inc., a maker of E-mail gateway software for legitimate commercial mail senders, has released a new version of PowerMTA, geared to address E-mail-authentication specs and accreditation services, along with E-mail fraud, message delivery, and sender reputation.

Bill Karpovich, senior VP of marketing at Port25, says the company is the first with outbound support for both Microsoft's Sender ID and Yahoo Inc.'s DomainKeys, two leading E-mail-authentication schemes.

Outbound support will become increasingly significant for commercial E-mail senders as major Internet service providers and E-mail service companies more closely scrutinize incoming E-mail for authentication data. Failure to support message-authentication specs will begin curbing delivery rates.

"As evidenced by everyone's announcements over the past couple of weeks," Karpovich says, referring to statements made for and against Sender ID, "there're going to be different standards."

Port25 is offering to deal with the headaches created by a lack of standards. "All that complexity is what we are going to encapsulate," he says.

Other companies are pursuing similar goals. IronPort Systems Inc., a competing E-mail infrastructure vendor, disclosed its intent to support Sender ID in August and has been working with Yahoo as well.

"Domain authentication proposals like SPF [Sender Policy Framework] provide a critical building block in solving the E-mail-security crisis but aren't useful today without reputation and policy systems," Craig Taylor, VP of technology at IronPort, writes via E-mail. "This is demonstrated by the fact that while there are lots of senders publishing SPF records today, only a few brave E-mail receivers reject or accept mail based on SPF alone."

Sendmail Inc., another enterprise E-mail company, released the first implementation of the Sender ID spec at the end of August as an open-source plug-in to the sendmail MTA, the most popular E-mail-routing software. The company has been testing DomainKeys and has already released a DomainKeys mail filter for checking inbound E-mail compliance.

A Microsoft spokesman notes that while Sender ID has had a tough week, he expects that the week to come will bring a revised authentication specification from the Internet Engineering Task Force, one that reconciles both the standards Microsoft advocates and those favored by the open-source community.

The rift over Sender ID may shift more attention to Yahoo's DomainKeys proposal, which many in the industry see as a stronger authentication system. DomainKeys uses a cryptographic digital header to verify the sender and, unlike Sender ID, the integrity of the message content.

Despite disagreements about authentication standards, pretty much every commercial enterprise on the Internet concurs that something needs to be done to address domain spoofing and phishing.

Research firm Gartner puts the cost of E-mail fraud to U.S. banks and credit companies at $1.2 billion last year, to say nothing of the cost to consumers in terms of time, money, and aggravation. While authentication won't put an end to fraud, experts see it as a necessary step to address the rampant misuse of the Internet.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll