CipherTrust Study Reveals 75 Percent Increase in Sender ID Framework Adoption in Last Three Months.ATLANTA -- Growing Number of Fortune 1000 Deploys E-Mail Authentication The verification that an e-mail message has been sent by the domain name in the From field. Called "domain spoofing," spammers falsify the From address in their messages in order not to be identified. Standard as Defense against Spoofing Techniques Used in Phishing Attacks CipherTrust, the leader in messaging security, today released data on the adoption of the Sender ID An e-mail authentication system from Microsoft that is based on Sender Policy Framework (SPF) records in the DNS system. Sender ID uses Microsoft's proprietary Purported Responsible Address (PRA) method for checking the headers within the message body. Framework and the implementation of the Sender Policy Framework See SPF. (SPF (1) (Stateful Packet Firewall) See stateful inspection. (2) (Sender Policy Framework) An e-mail authentication system that verifies that the message came from an authorized mail server. ) text record. The analysis is based on more than 10 million real-world e-mail messages sent during the month of October to companies worldwide that use IronMail, CipherTrust's award-winning messaging security appliance Security appliances protect computer networks from unwanted data traffic, intruders, email spam, enforce policies, and may also be used to create and manage VPNs. There are a number of types of security appliances. . The new study shows that corporations are steadily adopting Sender ID, with 23 additional Fortune 1000 companies publishing SPF records since CipherTrust last reported on the deployment of the e-mail authentication standard in August, representing an increase of nearly 75 percent in three months. This progress is critical as e-mail authentication provides an effective means of stopping Internet Protocol See Internet and TCP/IP. (networking) Internet Protocol - (IP) The network layer for the TCP/IP protocol suite widely used on Ethernet networks, defined in STD 5, RFC 791. IP is a connectionless, best-effort packet switching protocol. (IP) spoofing, a technique used by criminals to execute phishing attempts that lure e-mail recipients into providing personal information. CipherTrust strongly supports the deployment of Sender ID, including the registration of SPF records, to prevent fraudulent use of registered domain names and to detect IP addresses that do not match a company's authentication record. "This adoption of the Sender ID Framework and the publishing of SPF records is a testament to the broad industry and business commitment to e-mail authentication," said Craig Spiezle, director of Microsoft Safety Technology and Strategy team. "E-mail authentication today is critical to reassuring consumers' online confidence while protecting the brand and reputation of businesses." The new research demonstrates that Sender ID remains successful in identifying fraudulent e-mails that utilize IP spoofing Inserting the IP address of an authorized user into the transmission of an unauthorized user in order to gain illegal access to a computer system. Routers and other firewall implementations can be programmed to identify this discrepancy. See firewall. , and for building reputation and accreditation services. In fact, each day more than three million spoofed e-mails are identified and blocked by IronMail because they have failed SPF checks, and never make it into end users' inboxes. In addition, while some have raised concern around spammers publishing their own SPF records, a major benefit of that is the enhancement of enforcement and investigative efforts by having the ability to verify the identity of the sender. Further details about CipherTrust's most recent study can be found at http://www.ciphertrust.com/sidf_stats. Last week, CipherTrust and other industry and business leaders, including Amazon, eBay, Microsoft, EarthLink and Bank of America
Bank of America (NYSE: BAC TYO: 8648 ) is the largest commercial bank in the United States in terms of deposits, and the largest company of its kind in the world. , together sent a letter to the FTC FTC See Federal Trade Commission (FTC). urging continued support of e-mail authentication and Sender ID. The letter demonstrates widespread industry support of Sender ID as a first step in e-mail authentication and issued a call to action for all businesses and e-mail senders to adopt the Sender ID Framework and publish their SPF records today. Additionally, the letter's signers committed to advance and collaborate on signing technologies such as Cisco's Internet Mail See Internet e-mail service. and Yahoo's DomainKeys, to complement the Sender ID Framework for a higher level of e-mail authentication. For additional information on how to review and implement these e-mail authentication alternatives, please visit www.truste.org/authentication. While CipherTrust strongly recommends the deployment of Sender ID and registration of SPF text records, e-mail authentication is only part of a comprehensive enterprise e-mail security approach. More than 1200 enterprises have deployed CipherTrust's IronMail, which utilizes a variety of real-time techniques and defenses within their arsenals to fight spam, fraud, viruses and other threats. "Businesses around the world face the very serious risk of having their brands hijacked, and then used by phishers and spammers to victimize their own customers," said Paul Judge, chief technology officer at CipherTrust. "E-mail authentication, in particular the Sender ID framework, is a critical component of eliminating spoofing, a primary element used in phishing and spam attacks. In addition to deploying e-mail security gateways like IronMail to protect their employees and messaging infrastructures, every enterprise should make it a priority to deploy Sender ID and register SPF records to safeguard their brand and customers." As the leading messaging security provider with more than 30 percent of the Fortune 100 among its customer base, CipherTrust remains at the forefront of industry cooperation to combat Internet fraud A crime in which the perpetrator develops a scheme using one or more elements of the Internet to deprive a person of property or any interest, estate, or right by a false representation of a matter of fact, whether by providing misleading information or by concealment of attempts like phishing, and to eliminate spam and other e-mail threats. CipherTrust's Dr. Judge served as founder and chartering chairman of the Internet Research Task Force's Anti-Spam Research Group The Anti-Spam Research Group (ASRG) is a research group within the Internet Research Task Force (IRTF) dedicated to research into curbing spam on an Internet-wide level. It consists of a set of mailing lists to coordinate work and a small web site. (ASRG ASRG Anti-Spam Research Group (IETF) ASRG Association de soutien aux rescapés du génocide ASRG ARC Standard Raster Graphics ), out of which the original proposals leading to SPF were developed. In February, CipherTrust became the first e-mail security vendor to incorporate SPF into its product, and has outlined product plans to support the Sender ID Framework. CipherTrust has published additional research related to the ongoing fight against malicious phishing attempts. Last month, CipherTrust found that fewer than five zombie A computer that has been covertly taken over in order to perform some nefarious task. It is estimated that millions of PCs around the world have been compromised and, under the control of a third party, routinely transmit messages unbeknownst to the user. network operators are responsible for all Internet phishing attacks worldwide. It revealed that these zombies Zombies Companies that continue to operate even though they are insolvent. Also known as living dead. Notes: It's advisable to avoid investing in zombies at all costs their life expectancies are highly unpredictable. were predominantly based in the United States--home PCs connected to the Internet with a broadband connection. To view all of CipherTrust's published research, visit http://www.ciphertrust.com/resources/statistics/index.html. About CipherTrust CipherTrust is the leader in messaging security. Recognized as the market leader by IDC, the Company's award-winning IronMail appliance protects the messaging systems of more enterprise e-mail users than any other solution, including more than 30 percent of the Fortune 100. CipherTrust pioneered messaging security by uniquely combining the five critical e-mail security components of spam and fraud prevention, virus and worm protection, policy and content compliance, e-mail privacy, and intrusion prevention into a single easy to deploy and manage platform. The Company is backed by top tier investors including Battery Ventures and Greylock Partners. For more information about CipherTrust, please visit www.ciphertrust.com or call 877.448.8625. CipherTrust and IronMail are registered trademarks of CipherTrust, Inc. All other trademarks are property of their respective owners. |
|
||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion