VeriSign introduces e-mail, anti-phishing services

New services from Internet infrastructure company VeriSign will help businesses fight unsolicited commercial (“spam”) e-mail, computer viruses and a form of online fraud known as “phishing,” the company said.

New services from Internet infrastructure company VeriSign will help businesses fight unsolicited commercial (“spam”) e-mail, computer viruses and a form of online fraud known as “phishing,” the company said.

The company Monday unveiled VeriSign Email Security Service, a managed e-mail service that intercepts, scans and filters e-mail traffic before passing it to customer e-mail servers. A separate program, called the Anti-Phishing Solution, helps companies detect and combat scams that target their customers, VeriSign said.

The new services will help organizations preserve the usefulness of e-mail communications and fight modern-day scourges like spam e-mail that are lowering worker productivity, said Chad Kinzelberg, a VeriSign vice president. VeriSign will use its high-end networking infrastructure and reputation as the largest certificate authority and manager of two of the Internet’s Domain Name Service root servers to attract customers who want relief from spam and viruses, but demand “100% uptime,” Kinzelberg said.

To use the service, VeriSign customers will modify the mail exchange (or “MX”) record for their e-mail domain to point to VeriSign’s Email Security Service servers. MX records tell other e-mail servers using the SMTP what server to deliver e-mail to for that domain, he said.

VeriSign, of Mountain View, Calif., is using e-mail management and security technology from FrontBridge Technologies. FrontBridge’s products will provide the core spam elimination, anti-virus and disaster recovery features for VeriSign’s service, under a multiyear license with VeriSign, FrontBridge said in a statement.

VeriSign will host FrontBridge’s messaging products in its U.S. data centers, which offer more scalability and a redundant, load-balanced infrastructure, in the event of a disaster. VeriSign will also complement the FrontBridge products with its own proprietary technology and intellectual property, such as anti-fraud intelligence gleaned from its online payment business, Kinzelberg said.

Anti-virus engines from Sophos, Symantec and Trend Micro will scan customer e-mail arriving at VeriSign’s data center. Heuristic filters built into the FrontBridge product will weed out spam and delete or quarantine it. Customers will also be able to create policies for blocking or quarantining messages with undesirable content, Kinzelberg said.

The new VeriSign Anti-Phishing Solution service takes a similar approach, with VeriSign repackaging data, expertise and technology already used in other services.

Phishing scams are online crimes that use spam e-mail to direct Internet users to Web sites resembling legitimate e-commerce sites, but are actually controlled by thieves. The sites ask users for sensitive information such as a password, social security number, bank account or credit card number, often under the guise of updating account information.

To help companies combat phishing, VeriSign will use information taken from its domain name monitoring service, Web crawlers, spam filters and customer complaints to spot “cousin” Web sites that are used in phishing scams to mimic valid e-commerce sites, the company said.

VeriSign’s relationships with leading Internet service providers and Web site hosting companies and its team of forensic and fraud investigators will help it shut down phishing sites quickly, the company said. Versign will also offer paid consulting services to help organizations create education programs and processes to address phishing scams, it said.

The Email Security Service is free for the first 30 days. After that, the service will cost between $1 and $3 per user per month. Prices for the Anti-Phishing Solution vary depending on the consulting and technology services the customer selects, Kinzelberg said.

Both new services are available on July 12, he said.

The company is also planning future enhancements to the service, including support for so-called “sender authentication” plans such as those backed by Microsoft, Yahoo and others.

VeriSign is working with Microsoft and plans to support the Sender ID specification that Microsoft submitted to the Internet Engineering Task Force last week. Sender ID combines Microsoft’s Caller ID specification with Sender Policy Framework, a similar standard created by Meng Weng Wong, co-founder and chief technology officer at Pobox.com, an e-mail forwarding service.

VeriSign will also make its Verified Domains List freely accessible to anti-spam software and service providers in an effort to foster e-mail authentication adoption and spam’s eventual elimination, the company said Monday.

“We’re in an arms race with spammers,” Kinzelberg said. “It’s a game of one-upmanship that’s difficult to win. Once we know who’s sending e-mail, it gets a lot easier.”