A deluge of spam, crippling viruses and e-mail forgeries such as “phishing” schemes is threatening the value of electronic messaging as a critical communications tool. The root cause of these problems is the inherent anonymity of the e-mail standard Simple Mail Transfer Protocol.Because the protocol was designed 20 years ago, when spam was still only a canned meat and viruses only infected humans, it is all too easy for an illicit sender to deliver unsolicited or hostile mail under the guise of being legitimate.SMTPi is an initiative for a next-generation e-mail infrastructure. It has a three-part framework that includes the essential components – identity, reputation and policy – of a new, secure messaging system built on top of SMTP. The “i” stands for identity. Migrating to an identity and reputation-based mail system will enforce sender accountability and eliminate many challenges with e-mail.Identity Accurately establishing a sender’s identity lets e-mail recipients make confident decisions about how to treat incoming mail based on a sender’s reputation. By doing so, it would make it easier to leave spam out of the recipient’s in-box.Building a universal identity mechanism for e-mail is a major undertaking and will be done in phases. Initial server-level identity mechanisms rely on a sender’s IP address. An IP address is verifiable and manageable, and is nearly impossible to forge because it is established via TCP/IP connection. If the IP address is altered, two-way SMTP conversation would not take place because the return packets required to continue the SMTP conversation could not be routed to the actual sending IP address.Over the next few years, domain-level identity will be deployed using standards such as Sender Policy Framework, Caller-ID and DomainKeys, but each of these approaches has trade-offs.The best solution, yet the least-developed, is the use of cryptographic headers that would let users identify themselves at multiple levels – as individuals, organizations and corporations.ReputationA sender’s reputation can be tracked by monitoring his mailing history. A sender reputation service tracks a range of measurable parameters such as volume of mail sent globally, complaints, country of origin, presence of an open proxy or relay, proper DNS configuration and other related data. These parameters are used to assess a sender’s reputation.Unlike blacklists, which are in effect a first-generation reputation services, the current crop of second-generation reputation services such as SenderBase provide detailed data (a reputation score ranging from minus-10 to plus-10) that lets recipients choose their own policies and thresholds. SenderBase is an open service that system administrators and open source spam filters can access at no charge. PolicyAfter authenticating an e-mail sender and establishing his reputation, e-mail receivers need a way to apply appropriate mail policies based on that knowledge.Today, most mail gateways process all incoming mail through spam filters. This method increases infrastructure costs and reduces the effectiveness of catching spam.An effective mail policy solution supports variable response that’s based on the quality and trustworthiness of the mail source. Mail from known good senders can be routed around spam filters, mail from known bad senders can be deleted, and mail from suspicious senders can be throttled and sent through highly sensitive spam filters. As SMTPi continues to propagate, receivers of e-mail will apply stricter limits on mail originating from a source that does not have an identity and a reputation. This migration toward an identity- and reputation-based e-mail system will make e-mail safer and more reliable.Gadre is director of product marketing for IS at IronPort Systems. She can be reached at agadre@ironport.com. Related content news analysis Cisco, AWS strengthen ties between cloud-management products Combining insights from Cisco ThousandEyes and AWS into a single view can dramatically reduce problem identification and resolution time, the vendors say. By Michael Cooney Nov 28, 2023 4 mins Network Management Software Network Management Software Networking opinion Is anything useful happening in network management? Enterprises see the potential for AI to benefit network management, but progress so far is limited by AI’s ability to work with company-specific network data and the range of devices that AI can see. By Tom Nolle Nov 28, 2023 7 mins Generative AI Network Management Software brandpost Sponsored by HPE Aruba Networking SASE, security, and the future of enterprise networks By Adam Foss, VicePresident Pre-sales Consulting, HPE Aruba Networking Nov 28, 2023 4 mins SASE news AWS launches Cost Optimization Hub to help curb cloud expenses At its ongoing re:Invent 2023 conference, the cloud service provider introduced several new and free updates that are expected to help enterprises optimize their AWS costs. By Anirban Ghoshal Nov 28, 2023 3 mins Amazon re:Invent Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe