AOL, Yahoo rolling out sender authentication

Both companies are stepping up efforts to stop spam

By Paul Roberts

August 12, 2004 12:00 PM ET

Recommended

IDG News Service - Internet service providers America Online Inc. and Yahoo Inc. plan to begin using technology to verify the source of e-mail messages in coming months as both companies step up efforts to stop spam e-mail.
In September, AOL will verify the source of incoming e-mail using a component of Microsoft Corp.'s Sender ID authentication architecture. Yahoo will use its DomainKeys authentication technology to sign all e-mail coming out of the company's mail servers by the end of 2004, according to spokesmen for the companies. The decisions are part of an industrywide push to thwart spam and online scams known as "phishing" attacks by improving the ability of Internet service and e-mail providers to verify the source of messages, according to interviews with executives from e-mail technology companies.
AOL will screen e-mail using Sender Policy Framework technology, AOL spokesman Nicholas Graham said in an e-mail statement. SPF is part of Sender ID, a proposed technology standard backed by Microsoft for verifying a message's source.
Sender ID combines two previous standards: the Microsoft-developed "Caller ID" and SPF, which was developed by Meng Weng Wong. The combined standard was submitted to the Internet Engineering Task Force (IETF) in June for consideration. If adopted, Sender ID could provide a way to close loopholes in the current system for sending and receiving e-mail that allow senders -- including spammers -- to fake, or "spoof," a message's origin.
Dulles, Va.-based AOL has been testing SPF since January, publishing SPF records that identify AOL's outgoing e-mail servers in the Domain Name System (DNS), which translates numeric Internet Protocol addresses into readable Internet domain names. However, the company hasn't yet used SPF to screen incoming e-mail.
AOL will begin checking whether the purported responsible address of the server sending e-mail matches one of the servers listed in the SPF record for that Internet domain. Tens of thousands of e-mail domains have published SPF records. AOL will use SPF to help determine which messages are legitimate, rather than using it as a criterion to reject e-mail, Graham said.

That approach is similar to one Microsoft announced last month, when it said it will begin matching by Oct. 1 the source of inbound e-mail to the IP addresses of e-mail servers listed in that sending domain's SPF record. Messages that fail the check won't be rejected, but will be further scrutinized and filtered, said Craig Spiezle, director of Microsoft's Safety Technology and Strategy Group.
Yahoo is looking to put its thumbprint on outbound, rather than inbound, messages. The Sunnyvale, Calif.-based company

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.

Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Jump to comments

Networking

Additional Resources

Xerox

Win a color printer!

By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!

Microsoft

Upgrade to Internet Explorer 8 today.

Save time and mitigate security risk. Deploy it now.

Sybase

NEXT-GENERATION MOBILITY PLATFORMS

In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.