Stop Email Spoofing with Sender ID
New technology showing promise against unwanted email
May 10, 2005
Not surprisingly, spammers and virus writers use digital sleight-of-hand to conceal their true identities. The majority of junk email being sent today uses a technique called “spoofing” to disguise the actual return email address. The technique involves the use of someone else's domain name when sending a message and is also a popular method of phishers, who try to lure consumers into divulging sensitive information by pretending the email is from a trusted source, such as a bank or coworker. This week, we’ll take a look at how spoofing works and what is being done about it, focusing on Microsoft’s Sender ID.
What is Sender ID?
The Sender ID Framework is an industry standard created to provide protection against fraud such as phishing schemes and is a result of the convergence of the “Caller ID” technology developed by Microsoft and the Sender Policy Framework (SPF), developed by Meng Wong. Sender ID counters email spoofing by validating that the sender of an email message is who they appear to be. It verifies that every piece of email sent actually did originate from the domain it claims to have come from, based on the sending server's IP address. By attempting to eliminate domain spoofing, Sender ID can help legitimate senders protect their domain names and reputations, and help recipients more effectively identify and filter junk email and phishing scams.
How Sender ID Works
Sender ID checks the address of the sending server against a registered list of servers that the domain owner has authorized to send email, verifying that every email message originates from the Internet domain from which it claims to have been sent. This verification is automatically performed by the Internet service provider (ISP) or recipient's mail server before the email message is delivered to the user. Some best-of-breed email security solutions will use the result of the Sender ID check as additional input into the filtering tasks already performed, and may also consider past behaviors, traffic patterns, and sender reputation when determining whether to deliver mail to the recipient.
The Sender ID process is a relatively simple one. First, domain owners publish the IP addresses of their outbound email servers in the Domain Name System (DNS). When the target mail server receives an email message, it checks whether the message actually originated from the domain it claims to come from. It does so by querying the DNS for the list of outbound email server IP addresses for that particular domain. If the IP address the email was sent from is not in that list, it is most likely a spoofed message, and should be quarantined or blocked by the receiving system.
Not the End of the Road, but a Good Start
No single piece of technology will stop all spam and online fraud. However, Sender ID is a significant step in the right direction and is supported by many in the industry as a means to counter spam and online phishing attacks. Sender ID has already had a big impact on email security by helping email senders protect their brand and domain names from spoofing and phishing. It also allows email recipients to validate the origin of mail and provides more information for anti-spam products to make filtering decisions.
CipherTrust was an early adopter of sender domain validation. The company began offering support for the anti-spoofing and anti-phishing protocol SPF in the IronMail product in February of 2004, immediately after Meng Wong announced his proposal. In order to better protect our customers from spoofing and phishing attacks, CipherTrust’s IronMail currently incorporates SPF as part of its correlation engine, the Message Profiler. In addition, CipherTrust’s Chief Technology Officer, Dr. Paul Judge, served as founder and chartering chairman of the Internet Research Task Force’s Anti-Spam Research Group (ASRG) in March 2003, from which the original proposals leading to SPF were born.
For more information, download CipherTrust’s free whitepaper, TrustedSource: Redefining Reputation. To create your own SPF record, visit http://www.anti-spamtools.org/SenderIDEmailPolicyTool/Default.aspx.