A new feature in the IronMail e-mail security appliance will support new antispam technology that prevents the use of forged
or "spoofed" sender addresses on unsolicited commercial "spam" e-mail, CipherTrust Inc. said Thursday.
The Atlanta company announced that IronMail 4.0 now supports Sender Policy Framework (SPF), one of a number of new technologies
that authenticate e-mail senders and block spam before they are sent, CipherTrust said.
E-mail using spoofed Internet domains often play a role in so-called "phishing" schemes, in which unwitting Internet users
are led to Web pages that look like legitimate online businesses, but are actually scam sites designed to harvest personal
information like user names, passwords and credit card numbers.
SPF is not a spam filtering technology. Instead of analyzing the content of messages to spot spam, SPF allows Internet domain
administrators to describe their e-mail servers in an SPF record that is attached to the DNS (Domain Name System) record.
Other Internet domains can then reject any messages that claim to come from that domain but weren't sent from an approved
server, said Meng Wong, independent antispam researcher and primary author of the SPF protocol.
Unlike spam filters, the SPF technology allows e-mail gateways to analyze the e-mail envelope, a wrapper for the message that
is transferred between mail servers before the full message is sent. Messages that do not come from a valid server at the
domain are dropped, before any message content is sent. Because no message content is sent, organizations save Internet bandwidth
and computing resources compared with filtering, which requires bogus messages to be sent, received and then analyzed, Wong
said.
CipherTrust added an SPF registry to the IronMail 4.0 correlation engine, known as the Enterprise Spam Profiler (ESP). That
allows the IronMail appliance to match the e-mail envelope back to published SPF records on the Internet, said Paul Judge,
chief technology officer at CipherTrust.
The appliance uses SPF matching as part of the ESP rating assigned to each e-mail record. A failure to match on an SPF record
may or may not result in the message being dropped immediately, depending on other factors, Judge said.
CipherTrust's professional services group is working with customers to publish SPF records for their domain. The company expects
that IronMail's support of SPF will result in a number of high-profile customers, including the Federal Deposit Insurance
Corp. publishing SPF records for their domains, Judge said.
"We have 1400 (IronMail) gateways across the e-mail universe and we're working with our customer base to educate them about
SPF. We have 20 percent of the Fortune 500 as customers. Many of them have been victims of phishing attacks and are looking
for ways to protect themselves," he said.
CipherTrust's adoption of SPF is encouraging to Wong, who said that more than 7,000 Internet domains have already published
SPF records, including Internet service provider (ISP) America Online Inc. (AOL), companies such as AltaVista Co. and Ticketmaster
Inc. and universities, including Oxford University in the U.K., Wong said.
The widespread adoption is particularly impressive because an official Internet draft for SPF was only published this month
and the technology has just begun the process of obtaining official RFC (Request for Comment) standard status, he said.
"This is just a formalized version of what a lot of people are already doing. A lot of domains already check mail that's coming
from (Microsoft Corp.'s) Hotmail or Yahoo to see if its coming from actual Hotmail or Yahoo machines," Wong said. "SPF is
just giving everyone an open, standardized way of doing what they already want to do."
IronMail 4.0 with SPF support is available now from CipherTrust, Judge said.
E-mail
Printer Friendly
Reprints
(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...
