Authentication the message for next round in spam fight

E-mail filters have become effective at preserving our in-boxes, creating the illusion that spam has been tamed. But the bulk of spam is growing. MessageLabs said about 70 percent of all e-mail traffic as of this week, and 66 percent this year, was bogus.

Although junk- and malware-laden messages have been pushed out of sight for many computer users, they are not out of mind for those minding e-mail delivery systems, who say tackling the growing problem demands an answer to the simple question: Who’s e-mailing?

That’s what Microsoft and Sendmail say must be answered if businesses are to save e-mail from having its “killer app” status redesignated.

“On average, one-third of a company’s critical business information is stored in the messaging system and potentially at risk,” Sendmail CEO Donald Massaro said.

E-mail authentication systems such as Microsoft’s Sender ID systems, modeled after Caller ID for telephones, and Sendmail’s plans for trusted messaging, are not new, but the companies are bolstering their efforts.

Last week, Microsoft added its specification to a list of free and open specifications for developers, and on Wednesday, Sendmail outlined the related rollout of its Trusted Unified Messaging Platform.

Sender ID, developed by Microsoft, Sendmail, and others, allows companies to attach information to an Internet domain that tells e-mail recipients what addresses are authorized to send mail from that domain. This allows the system that receives a message whether it is legitimate. In the past two years, Microsoft says the technology protects 5 million domains and 600 million users worldwide.

Sendmail’s Trusted Unified Messaging Platform will go further with a system called DomainKeys, which uses public/private key cryptography to generate a unique signature for each e-mail address based on information in the message header. The system requires senders to deploy a PKI infrastructure, but makes it possible to authenticate both the source of the message and the message content

Most ISPs use Sender ID alone or in combination with other e-mail authentication schemes, but developers have been slow to integrate it with anti-spam solutions, perhaps out of concern about Microsoft’s copyright claims over the technology. Redmond’s decision to include Sender ID with other specifications in its Open Specification Promise program should put those fears to rest.

Sendmail, which says it handles 65 percent of all e-mail, is pushing a broader platform of “trusted messaging” — “clean”, adhering to policy (Sarbanes-Oxley, primarily); secure/encrypted, and authenticated. The company’s platform will work across SMTP, IM, HTTP, out-of-the-box policies, and provide dashboard reporting for security and compliance.

“While attacks from outside sources such as spam and viruses continue to rise, our customers are also concerned with protecting sensitive data from leaving the organization in order to protect their brand and comply with increasingly stringent regulatory requirements,” Massaro said.

Sendmail will roll out individual pieces of its platform over coming months, with the aim of having all in place by February of next year, in time for the RSA Security conference, Massaro said

Released Wednesday, the company’s version 2 of its mail filter, or “Milter”, allows users to integrate business rules with message handling characteristics.

Massaro said the standards process for Sender ID was “really going to ramp up” in the next 12 to 18 months, so the time was right. “All the pieces of the puzzle are there,” Massaro said.

with Elizabeth Montalbano, IDG News Service