E-mail authentication is not an either/or proposition. As ISPs, e-mail service providers and businesses struggle to protect their brands and customers, they're adopting any e-mail authentication method that can put the kibosh on spam and phishing, even if it is less than ideal. IT executives aren't deterred by a lack of standardization, despite the often-contentious back-and-forth among developers over the issue.

Sender Policy Framework (SPF) and Sender ID are widely in use despite being ineffective at ending spam (they issue false positives on legitimately forwarded messages). Adoption of the newer DomainKeys Identified Mail (DKIM) is going forward at a steady pace. False positives are a concern here, too, when third-party mailers send e-mail on behalf of business domains. Also at issue is back splatter, meaning return-to-sender spam.

Unfortunately, spammers are still winning the battle - and even rely on e-mail authentication in the process. Almost all spammers use published SPF records, according to a Forrester Research report issued in October. MX Logic, a spam-filtering service provider, determined that 83% of the spam it trapped over a test period in August came from domains with published SPF records. Of the 0.12% of domains that published their Sender ID records that month, 85% of them were spam-sending domains.

"Authenticated spam is still spam," says Max Christoff, vice president of enterprise applications for a Fortune 50 financial-services company in San Francisco that asked not to be named because of corporate policy. "Anyone under the authenticated Hotmail domain can keep opening new Hotmail accounts, get neutral starting ratings and send spam from those accounts until they get shut down." The same goes for DKIM, he adds. All spammers have to do is open new domains and attach their own cryptographic DomainKeys to them, and they can correctly and legitimately send e-mail.

But, counters Dave Wright, senior vice president of e-mail infrastructure at Bank of America, "at the very least, authenticated e-mail can prove to mail gateways that this mail really does come from BankofAmerica.com." Wright uses DKIM-authenticated e-mail between Bank of America and its large business customers. "There's a lot to win in this scenario, because ISPs can provide better service for their customers. And enterprises win, because their customers are getting fewer phishes and spam," he says.

Whitepapers

• Secure Wireless Printing Options
• Network-Wide Change Management Visibility with Route Analytics
• Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology
• How to Offer the Strongest SSL Encryption
• Maximizing Site Visitor Trust Using Extended Validation SSL
• The Latest Advancements in SSL Technology

View more NETWORK MANAGEMENT whitepapers

Webcasts

• Managing the End User Experience-A Real World Example of Success
• Branch Office Trends and Best Practices
• Correlating granular network and application visibility
• Migrating to an MPLS-Based Network
• Round Table Webcast with Forrester Research
• Best Practices for Deploying WAN Optimization for Disaster Recovery

View more NETWORK MANAGEMENT webcasts

Special Reports

• WAN Optimization: The Ultimate No Brainer
• Ehternet Services: WAN options mature
• Keeping Spam at Bay
• Network World Executive Guide: The Virtualization Equation
• Application Performance Management Executive Guide
• Executive Guide: Building a Service Oriented Architecture

View more NETWORK MANAGEMENT special reports