| |
|
|
By ITX Corp [ 05/07/2006 ] Publishing Free Articles Zone articles is subject to our Publisher's Terms Of Service |
 Add to Favorites Email to a friend Publish this Article Print this article  Article direct link email Article Author Report this article
|
Nothing causes more annoyance and frustration for IT professionals and users alike than the hordes of unwanted e-mail received daily. Much of this spam uses domain spoofing to forge the sender's address and fraudulently deceive intended recipients into believing that the e-mail was sent from a trusted site or domain. Such phony messages are particularly insidious because they are not easily filtered; users are forced to examine the messages and are often deceived into responding.
What is Sender ID Framework?:
Sender ID Framework (SIDF) checks the address of the server sending the e-mail against a list of servers that the domain owner or e-mail recipient allows to send e-mail. This comparison is performed by the Internet Service Provider (ISP) or by the recipient's mail server before the e-mail is delivered. If the sender's ID is validated, the e-mail is sent. If the ID is not validated, the message may be refused by the receiving server or flagged or sorted into a separate folder for the user.
This technology, which will not be patented by Microsoft, incorporates Microsoft's own Purported Responsible Address (PRA), also known as Caller ID, as well as Sender Policy Framework (SPF), developed by Meng Wong of Pobox.com, and a third specification called Submitter Optimization.
Benefits:
With SIDF, an organization's domain and brand integrity will be protected against spoofing by validating the origin of e-mail. SIDF will also serve as a foundation for the reliable use of domain names in accreditation, reputation systems, and safe lists. There are already several implementations of SPF, and several major players currently use SPF to protect their e-mail systems, including AOL, Symantec, GNU, W3C, Google, and SAP. SIDF will be backward compatible with systems that already implement and use SPF.
How it Works:
In order for an organization to implement SIDF for its e-mail system, the organization (email sender) first publishes the IP addresses of outbound e-mail servers in DNS via a SPF record. This is done by systems administrators with little or no hard costs or technical overhead. If e-mail forwarding or e-mail intermediaries are involved, outbound e-mail servers will require software to identify their own domains.
When messages are sent, receivers must determine which domain(s) to check-typically either the "purported responsible domain" from the message body or the "envelope from" domain. Receivers then query DNS for the outbound e-mail servers of the chosen domain and perform the domain spoofing test. This requires software for inbound e-mail gateway servers, as well as optional client software to display the results of the domain checking.
A match of the sender's domain with an SPF record means that the domain was not spoofed or forged. The e-mail will then be forwarded onto additional filters for other spam. A failed match means a spoofed domain and a rejected e-mail.
Summary:
SIDF targets one of the most pernicious forms of spam-the fraudulent use of legitimate and reputable domains to deceive e-mail recipients. Although not a comprehensive solution to spam, SIDF is surely an important first step towards cleaning up the current e-mail system.
About Jonathan Coupal:
Jonathan Coupal is the Vice President and Chief Technology Officer of ITX Corp. Mr. Coupal manages both the day-to-day and strategic operations of the Technology Integration Practice Group. Among Mr. Coupal’s greatest strengths are evaluating customers’ unique problems, developing innovative, cost effective solutions and providing a “best practice” implementation methodology. Mr. Coupal’s extensive knowledge and experience enables him to fully analyze client systems to recommend the most effective technologies and solutions that will both optimize their business processes and fulfill immediate and future goals. Mr. Coupal and his team build a high level of trust with clients, establishing ITX as their IT partner of choice.
Mr. Coupal holds certifications with Microsoft and CompTia, including MCSE, MCSA, Security+, Linux+ and i-Net+, and served as a Subject Matter Expert (SME) for the development of the CompTia Linux+.
About the author:
About ITX:
ITX Corp is a business consulting and technology solutions firm focused in eight practice areas including Business Performance, Internet Marketing, IT Staffing, IT Solution Strategies, IT Solutions Implementation, Technical Services, Internet Services, and Technology Research. To learn more about what ITX can do for you visit our website at www.itx.net or contact us at (800) 600-7785.
Article Source: http://www.Free-Articles-Zone.com
מאמרים 
Free Articles
Sender ID Framework: Fighting Deceptive Tactics Used By Spammers