Anti-Spam Firms Tie Sender ID to Reputation
'Step Two' in Combating the Spam Scourge
Pamela Parker
What follows e-mail authentication? Many believe once e-mail recipients are certain who sent a message, they'll still need to determine whether that sender is a good guy or a bad guy. That's the idea behind separate announcements due out Thursday from spam-fighting firms IronPort Systems and Cloudmark.
Each firm says it will tie Sender ID-authenticated domains to information in its own reputation database. This would allow e-mail recipients to judge what treatment an e-mail message should receive after it's been authenticated.
"Sender ID's success is contingent on broad industry participation and we need strong tools in place within the industry to help build this kind of authentication into the technology infrastructure," said Ryan Hamlin, general manager of Microsoft's safety technology and strategy team, in a statement.
The announcements come as members of the E-Mail Service Providers Coalition (ESPC) meet at Microsoft headquarters to discuss the Microsoft-supported e-mail authentication standard. Both Cloudmark and IronPort are taking part in the discussions at the "Sender ID Summit."
Sender ID is a system meant to allow e-mail recipients to verify that messages actually come from the domain they purport to be from. Senders publish information in their DNS records identifying the IP addresses they use to send mail. When a message comes in purporting to be from a certain domain, the receiving system checks the DNS to make sure everything matches up.
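The check described above can be sketched as follows. This is an added example, not code from the article or from either vendor: the DNS data is constructed, the function names are hypothetical, and the purported sender domain is assumed to have already been extracted from the message. It evaluates only the `ip4`, `ip6` and `all` mechanisms of an `spf2.0` record with the `pra` scope; mechanisms that need further DNS lookups are reported as "Unsupported", which is a label of this sketch and not a Sender ID result.

```python
import ipaddress

# Constructed TXT records standing in for live DNS (documentation ranges only).
CONSTRUCTED_DNS_TXT = {
    "example.com": ["v=spf1 ip4:203.0.113.0/24 -all",
                    "spf2.0/pra ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"],
    "example.net": ["spf2.0/mfrom,pra ip4:198.51.100.25 ~all"],
    "example.org": ["some unrelated txt"],
}
RESULTS = {"+": "Pass", "-": "Fail", "~": "SoftFail", "?": "Neutral"}

def parse_sender_id(record):
    """Return (scopes, [(qualifier, mechanism, value)]), or None if not spf2.0."""
    terms = record.split()
    if not terms or not terms[0].lower().startswith("spf2.0/"):
        return None
    scopes = terms[0][len("spf2.0/"):].lower().split(",")
    rules = []
    for term in terms[1:]:
        # A missing qualifier means "+" (Pass).
        qualifier, body = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
        name, _, value = body.partition(":")
        rules.append((qualifier, name.lower(), value))
    return scopes, rules

def check_pra(domain, client_ip, txt_lookup=CONSTRUCTED_DNS_TXT):
    """Evaluate the connecting IP against the domain's spf2.0 record (pra scope)."""
    ip = ipaddress.ip_address(client_ip)
    for record in txt_lookup.get(domain, []):
        parsed = parse_sender_id(record)
        if parsed and "pra" in parsed[0]:
            break
    else:
        return "None"  # the domain publishes no usable Sender ID record
    for qualifier, name, value in parsed[1]:
        if name == "all":
            return RESULTS[qualifier]
        if name not in ("ip4", "ip6"):
            return "Unsupported"  # a, mx, include, ... need more DNS lookups
        net = ipaddress.ip_network(value, strict=False)
        if net.version == ip.version and ip in net:
            return RESULTS[qualifier]
    return "Neutral"  # no mechanism matched and the record has no "all"

if __name__ == "__main__":
    for dom, addr in [("example.com", "192.0.2.10"), ("example.com", "203.0.113.5"),
                      ("example.net", "198.51.100.26"), ("example.org", "192.0.2.1")]:
        print(dom, addr, check_pra(dom, addr))
```

A "Pass" only establishes that the sending host is authorized by the domain; whether that domain is a good or bad sender is the separate reputation question the rest of the article covers.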
While authentication is thought to be the first step in battling phishing, spoofing and spam, the reputation element is widely considered to be step two.
IronPort is tackling the reputation problem by building it into its "Reputation Filters," part of the company's C-series e-mail security appliances. Nearly 20 percent of the world's e-mail goes through IronPort's e-mail appliances, the company says. IronPort's technology rates incoming messages on a scale between -10 and +10, examining a wide variety of factors to make that determination. Senders who publish Sender ID records can see their reputation scores go up as much as three points, according to Craig Sprosts, senior product manager at IronPort.
"We look at a whole host of different factors to determine that reputation," said Tom Gillis, senior VP of marketing at IronPort. "They all get folded into a sophisticated algorithm that says 'friend or foe.'"
Sender ID information will also be added to SenderBase, the company's publicly available site that monitors global e-mail traffic patterns. It will also be added to the list of best practices for the company's whitelist, the Bonded Sender program, though it won't be a requirement.
Cloudmark is making its reputation calculations on Sender ID-authenticated domains publicly available. The company uses its peer-to-peer network of more than a million users as a sort of early-warning system against spam. When users receive a spam e-mail, they flag it as such, allowing Cloudmark to immediately begin blocking the offending e-mail from other users' inboxes.
Cloudmark will now take that real-time data and tie it to domain names, in a system it calls Cloudmark Rating for Sender ID. After an e-mail's sender is authenticated, Cloudmark will allow free queries to its system, which will return three possible results: good, bad, or not enough information. A positive reply indicates the sender domain has a good reputation, while a negative reply indicates the sender domain has a bad reputation. The third, ambiguous reply would be returned if Cloudmark didn't have enough information to make a determination. The company is making available instructions on how to query its reputation database at rating.cloudmark.com.