AOL, Yahoo rolling out sender authentication

Paul Roberts   Today’s Top Stories    or  Other Desktop Applications Stories  

Virtualization Everywhere Sign up to receive Security Resource Alerts

August 12, 2004 (IDG News Service) -- Internet service providers America Online Inc. and Yahoo Inc. plan to begin using technology to verify the source of e-mail messages in coming months as both companies step up efforts to stop spam e-mail.
In September, AOL will verify the source of incoming e-mail using a component of Microsoft Corp.'s Sender ID authentication architecture. Yahoo will use its DomainKeys authentication technology to sign all e-mail coming out of the company's mail servers by the end of 2004, according to spokesmen for the companies. The decisions are part of an industrywide push to thwart spam and online scams known as "phishing" attacks by improving the ability of Internet service and e-mail providers to verify the source of messages, according to interviews with executives from e-mail technology companies.
AOL will screen e-mail using Sender Policy Framework technology, AOL spokesman Nicholas Graham said in an e-mail statement. SPF is part of Sender ID, a proposed technology standard backed by Microsoft for verifying a message's source.
Sender ID combines two previous standards: the Microsoft-developed "Caller ID" and SPF, which was developed by Meng Weng Wong. The combined standard was submitted to the Internet Engineering Task Force (IETF) in June for consideration. If adopted, Sender ID could provide a way to close loopholes in the current system for sending and receiving e-mail that allow senders -- including spammers -- to fake, or "spoof," a message's origin.
Dulles, Va.-based AOL has been testing SPF since January, publishing SPF records that identify AOL's outgoing e-mail servers in the Domain Name System (DNS), which translates numeric Internet Protocol addresses into readable Internet domain names. However, the company hasn't yet used SPF to screen incoming e-mail.
AOL will begin checking whether the purported responsible address of the server sending e-mail matches one of the servers listed in the SPF record for that Internet domain. Tens of thousands of e-mail domains have published SPF records. AOL will use SPF to help determine which messages are legitimate, rather than using it as a criterion to reject e-mail, Graham said.

That approach is similar to one Microsoft announced last month, when it said it will begin matching by Oct. 1 the source of inbound e-mail to the IP addresses of e-mail servers listed in that sending domain's SPF record. Messages that fail the check won't be rejected, but will be further scrutinized and filtered, said Craig Spiezle, director of Microsoft's Safety Technology and Strategy Group.
Yahoo is looking to put its thumbprint on outbound, rather than inbound, messages. The Sunnyvale, Calif.-based company will roll out its DomainKeys technology by year's end and digitally sign all e-mail messages sent from its servers, said Miles Libbey, antispam product manager at Yahoo.
DomainKeys use public-key infrastructure technology to create a unique signature for each e-mail based on the content of the message. When e-mail servers receive DomainKeys-signed messages, they use a public encryption key published by the company in the DNS record for the sending domain and the contents of the message to verify the source of the e-mail, he said.
The movements by Microsoft, AOL and Yahoo are a sign of the increased urgency with which e-mail and Internet service providers are treating the spam problem.
"The world of e-mail is in a lot of hurt. It's in trouble, and there's a sense of urgency we haven't seen," said Greg Olson, chairman and co-founder of e-mail technology company Sendmail Inc. in Emeryvile, Calif.
Pushing technologies such as Sender ID and DomainKeys into service even before their official adoption as standards by the IETF or other governing bodies is a way to safely work out problems the technologies may cause when widely deployed, Libbey said.
"All these solutions are reasonably early in the life cycle," he said. "There's a lot of interoperability testing that has to happen. Implementing DomainKeys on Yahoo will give us real-world data on how it works."
"It's an iterative process," said Microsoft's Spiezle. "We have to try something. The spammers are outsmarting us, and the more we delay, the more time they have to figure out what to do."

Reprinted with permission from

For more news from IDG visit IDG.net
Story copyright 2006 International Data Group. All rights reserved.

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

"I've loved Firefox since version 0.93. It was so much better than Internet Explorer and the other alternatives that I..." Read more... "It's IT Blogwatch: in which billionaire investor Carl Icahn starts a proxy fight to restart the Microsoft/Yahoo merger talks. Not..." Read more... Read more Desktop Applications posts or See all Blogs

Mozilla launches Firefox 3.0 RC1 early Microsoft: Don't misunderstand UAC, other Vista features HP confirms XP SP3 endless reboot snafu, promises patch More top stories...

Microsoft pulls Windows Home Server backup feature Yahoo tells Icahn that its own board knows best Tools circulate that crack Debian, Ubuntu keys

Shuttle Columbia's hard drive data recovered from crash site Specialists have retrieved about 99% of the data on a disk drive on board the crashed space shuttle Columbia. Don't miss the photographs of the recovered drive. The top 15 vaporware products of all time These big ideas were supposed to revolutionize technology, but they never actually appeared. In a few cases, you'll be glad they didn't. Opinion: Malware vs. anti-malware, 20 years into the fray Nearly 20 years after the first Internet worm, Steven J. Vaughan-Nichols takes stock of the malware/anti-malware landscape and spotlights how the two sides are approaching the battle. Leopard at six months: Does it live up to the early hype? Though some thought it was released too soon, Mac OS X 10.5 has matured into a solid operating system, says reviewer Michael DeAgonia. Windows Vista A to Z Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS. More Continuing Coverage After 9/11: Homeland SecurityAsk a Premier 100 IT LeaderBlackBerry Legal BattleData Security BreachesElectronic VotingFirefoxH-1B VisasHP's Boardroom ScandalHandheld DevicesHurricane Katrina AftermathMicrosoft Legal IssuesMicrosoft's VistaOpen SourceRFID TechnologySCO's Linux FightSarbanes-Oxley ActSpamVoice Over IPWi-FiWindows Meta File VulnerabilityWindows XP Service Pack 2 IT Careers 2010 Four years from now, the IT field will be a vastly different place. Will you be ready? More Special Reports Premier 100 IT Leaders 2007 Best in Class2006 Computerworld Horizon Awards2006 Premier 100 IT Leaders2006 Salary Survey2007 Best Places to Work in IT2007 IT Forecast2007 Premier 100 IT Leaders40 Years of ComputerworldASPs, Take TwoBest Places to Work in IT 2003Best Places to Work in IT 2004Best Places to Work in IT 2005Best Places to Work in IT 2006Business Intelligence Home RunsBusiness Intelligence: Smarter BIBusiness Intelligence: The Future of BICRM Goes VerticalCRM: Sober CRMCareer Planning Guide 2005Careers: IT Profession 2010Computerworld Horizon Awards 2005Data Management: Mining for GemsData Management: Taming Data ChaosDevelopment: Hard-Workin' Web SitesDevelopment: New Tools New ChoicesDevelopment: The New World of Application DevelopmentDevelopment: The Web Services TsunamiDevelopment: Web Services HurdlesDisaster Recovery: Preparing for the WorstE-commerce Grows UpE-mail/Groupware: Big DecisionsFaces of Mobile ITForecast 2006Global MobileHardware: Multiple Cores, Multiple ChallengesHardware: On-Demand Un-HypedHardware: The Shape of Things to ComeHorizon Awards: 10 Cool Cutting Edge TechnologiesIT Management: Guide to Managing VendorsIT Management: Navigating Global ITIT Management: Recovery AheadIT Management: The Future of ITIT Management: The Resourceful Project ManagerInnovative Technology Awards 2004Management: Reinventing ITMicrosoft in TransitionMobile/Wireless Leaders and LaggardsMobile/Wireless: The Untethered WorkerMobile/Wireless: Tiny Gadgets, Huge CostsNetwork Management: Taking ControlNetworking: Turbulence Ahead!Networking: VoIP Goes MainstreamOperating Systems: In the Slow LaneOperating Systems: Linux Goes GlobalOperating Systems: Should You Nix Unix?Outsourcing: Offshore Buyer's GuideOutsourcing: Outsourcing DangersPremier 100 IT Leaders 2004 Best in ClassPremier 100 IT Leaders 2005 Best in ClassROI: Do the Math!Salary Survey 2003Salary Survey 2004Salary Survey 2005Security Action PlanSecurity: Compliance HeadachesSecurity: Proactive SecuritySecurity: Risk and RewardSecurity: Tips From Security ProsSouped-up SecurityStorage: Battling ComplexityStorage: Cheap & Secure Data StoresStorage: Stretching Your Storage DollarsStorage: The Lean Storage MachineStorage: The New Rules of StorageStorage: The Ultimate Backup GuideSupply Chain: Missing LinksSupply Chain: RFID Reality CheckThe Business of SecurityWeb 2.0 SecurityWireless: Wireless At Work All Zones Application Performance Zone Enterprise-Class Security Zone Enterprise Solutions Zone The File Data Management Zone Grid Computing on Windows Zone Security Management Zone ITIL Best Practices Zone The SAS Zone Storage Virtualization Zone The Data Center Management Zone See your link here

Computerworld Report: Storage Gets Strategic Download this Computerworld Report, free, compliments of HP. (Source: Computerworld) Data Storage has emerged from the back room to become a key part of regulatory compliance, disaster recovery and strategic tecnhology plans. Learn more in this new this Computerworld report, a $49.95 value, available free for a limited time, compliments of HP. Download this executive briefing  E-Mail As a Service: Time for Another Look? E-Mail As a Service: Time for Another Look? Download this webcast, compliments of Google. Go to the webcast  3 Building Blocks for a Profitable Green IT Strategy Get this white paper now! (Source: Verdiem) This practical white paper compares "greening" your IT department to "greening" your home: the key to a lasting return is starting with small steps. Learn how to create an IT carbon footprint baseline, draft a list of objectives, and implement for the best ROI. Download this white paper  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. Securing Financial Services Beyond the Perimeter Intercept Spam & Viruses With MessageLabs Meeting PCI Compliance with SonicWALL Global Management System View more whitepapers

• Mozilla launches Firefox 3.0 RC1 early
• Microsoft: Don't misunderstand UAC, other Vista features
• HP confirms XP SP3 endless reboot snafu, promises patch
• More top stories 

ITIL Best Practices Zone BMC provides the ITIL solutions you need to drive business value through better management of technology and IT processes. Learn more in the BMC ITIL Best Practices Zone. Learn more in the ITIL Best Practices Zone See All Zones



In Depth: Apple's Leopard leaps to new heights A refined look, revamped apps and new options build on an already solid OS foundation. Read more...



How Operating Systems Create Network Efficiency Lake Partners Strategy Consultants conducted research to understand the efficiencies created by different operating systems. Read the whitepaper to learn about the findings, including how in specific network areas JUNOS software creates significant operational efficiencies. Download this white paper now!



This podcast delivers summaries of key technologies and concepts every week. Listen to the short program on your iPod or in your Web browser. This Week: Darwin Information Typing Architecture,  List of Episodes Subscribe