E-mail as we know it today is a broken communications  medium. Simply put, e-mail was never designed to be anything more than text messages delivered through multiple computer systems strung together. But like most things pushed onto the Internet scene in the early days, more functions were added to e-mail's fragile delivery structure. Each new bolted-on innovation created another risk for a crack in the system .
These add-ons eventually created opportunities for malicious abusers to mask their identities and use the infrastructure to deliver rogue code to unsuspecting computer users. Once this kind of abuse became widespread, criminals soon learned to use sophisticated social-engineering techniques to steal money from innocent victims unaware of the dangers of identity theft.
Today, the norm is for spam e-mail to serve the cause of criminal schemes. In response to these kinds of threats, many Internet security experts have called for an e-mail authentication system that they believe would significantly reduce e-mail-related crime. Supporters of such tactics believe e-mail authentication strategies will immediately put a dent in e-mail-based fraud.
A recent New York City gathering of leading Internet security companies and software developers led to a consensus that, while not a perfect solution, e-mail authentication represents a significant step forward for the entire Internet community. Still, detractors dismiss e-mail authentication and say it will have little affect, if any at all, on the ongoing problem.
Two Plans for a Cure
Developers have proposed two methods to beef up the e-mail system. Both methods do not require individual or business users to do anything different in processing their e-mail. Instead, they will only need users to make more educated decisions when determining "good" mail from "bad." So far, Internet service providers (ISPs) and e-mail gateway services are using both methods.
Yahoo and a group of its supporters are pushing the "domain keys" method. This strategy requires e-mail senders to complete a two-part verification process. The ISP or e-mail gateway service must first authenticate the message sender. Then the message sender must pass a second phase called the "reputation score."
The second most popular authentication method is called the Sender ID Framework (SIDF), which is a merger of two earlier e-mail security proposals, one from Microsoft and another from e-mail provider Pobox. The Sender ID technology requires two levels of authentication before an e-mail message is delivered. The message originator registers for inclusion on a list that confirms the Internet Protocol (IP) address of the sender. The mail server also must confirm that the mail originator is approved to enter the traffic stream for delivery to the recipient. (continued...)
|
Nvidia Auto-Switches Notebook GPU To Save Battery Life
Microsoft Says Battery Woes Not Caused By Windows 7
IBM's New POWER7 Servers Save Energy with Big Loads
Google May Add Facebook, Twitter Links to Gmail
IBM Opens Eco-Friendly, Cloud-Focused Data Center