Some observers criticize IT vendors for not agreeing on a single, standard way of dealing with evil e-mail. The key e-mail authentication protocols are Microsoft's Sender ID Framework (SIDF), with its Sender Policy Framework (SPF) records, and the rival Yahoo/Cisco DomainKeys Identified Mail (DKIM).
But a good case can be made that e-mail senders, Internet service providers and e-mail recipients should use both SIDF and DKIM.
"Domain owners are well advised to publish information using both standards, and e-mail recipients can use both standards to help filter spam," says Richi Jennings, an e-mail security analyst at Ferris Research Inc. in San Francisco.
But, he adds, "DKIM is better because the methods used to verify that the sender was authorized to use that domain are stronger. SPF/Sender ID has issues with mail lists and other things that autoforward mail."
DKIM is stronger, Jennings says, because it generates cryptographic hashes of content using keys owned by the e-mail sender's domain, while SIDF is simply based on which IP address the message comes from. "This means that DKIM is harder to set up and a little more expensive in terms of computing horsepower," he says.
John Scarrow, Microsoft's general manager of antispam and antiphishing strategy, agrees that the approaches are complementary. "By utilizing both, e-mail senders receive optimal protection and functionality across the board," he says. He acknowledges that DKIM is better for automatic forwarding by servers, such as when a user configures his Hotmail account to automatically forward messages to his Microsoft account.
But Scarrow argues that DKIM requires users to upgrade to both outbound and inbound message-transfer agents (MTA), such as Microsoft's Exchange Server, and affects "about 10% to 15% of computing cycles, while SIDF has no outbound impact to the MTA and negligible impact to any computing resources."
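The difference Jennings describes between an IP-based check and a content signature, and the forwarding case both he and Scarrow mention, can be seen in a simplified model. This is an added example, not code from the article or from either specification. The domain, the address ranges, the function names and the toy RSA key are assumptions made for illustration, and the checks are not RFC-conformant SPF or DKIM.

```python
import hashlib
import ipaddress

# Constructed sample data: documentation domain and address ranges (RFC 5737).
SPF_AUTHORIZED = {"example.com": ["192.0.2.0/24"]}

# Toy RSA key for the sending domain, built from two Mersenne primes so the
# block runs with the standard library only. Not secure; illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held by the sender
PUBLIC_KEYS = {"example.com": (N, E)}  # stands in for the key published in DNS


def spf_style_check(domain, connecting_ip):
    """Path-based check: is the connecting IP one the domain authorized?"""
    ip = ipaddress.ip_address(connecting_ip)
    return any(ip in ipaddress.ip_network(net)
               for net in SPF_AUTHORIZED.get(domain, []))


def _digest(headers, body):
    """Hash the signed headers and the body into one integer."""
    data = "\r\n".join(f"{k}:{v}" for k, v in headers) + "\r\n\r\n" + body
    return int.from_bytes(hashlib.sha256(data.encode()).digest(), "big")


def dkim_style_sign(headers, body):
    """Sender's outbound MTA signs the content hash with the private key."""
    return pow(_digest(headers, body), D, N)


def dkim_style_verify(domain, headers, body, signature):
    """Receiver recomputes the hash and checks it against the signature."""
    n, e = PUBLIC_KEYS[domain]
    return pow(signature, e, n) == _digest(headers, body)


HEADERS = [("from", "alice@example.com"), ("subject", "Quarterly report")]
BODY = "Numbers attached.\r\n"
SIG = dkim_style_sign(HEADERS, BODY)


def evaluate(connecting_ip, body):
    """Return (ip_check_passes, signature_check_passes) for one delivery."""
    return (spf_style_check("example.com", connecting_ip),
            dkim_style_verify("example.com", HEADERS, body, SIG))


if __name__ == "__main__":
    print("direct   :", evaluate("192.0.2.10", BODY))
    print("forwarded:", evaluate("198.51.100.7", BODY))
    print("altered  :", evaluate("192.0.2.10", BODY + "[list footer]\r\n"))
```

The forwarded delivery fails the IP check but keeps a valid signature, while a relay that alters the body (as some mailing lists do) invalidates the signature even when the IP check passes.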