Printer Friendly
The Free Library
14,529,347 articles and books
Member login
User name  
Password 
 
Join us Forgot password?

Sleeping with the phishes: filters kill spam and unauthenticated email.


Cialis. Son of deposed leaders of the Congo. Hot stock tips. Each is an example of the unwanted greetings popping up throughout email inboxes across the globe.

Blocking that sapm has become serious business for Internet Service Providers Internet service provider (ISP)

Company that provides Internet connections and services to individuals and organizations. For a monthly fee, ISPs provide computer users with a connection to their site (see data transmission), as well as a log-in name and password.  (ISP (1) See in-system programmable.

(2) (Internet Service Provider) An organization that provides access to the Internet. Connection to the user is provided via dial-up, ISDN, cable, DSL and T1/T3 lines. ) looking to attract a population ever more reliant on email. An Epsilon Interactive/Roper ASW ASW Antisubmarine Warfare
ASW Approved Social Worker
ASW Application Software
ASW a Small World (online community)
ASW Art Supply Warehouse
ASW Artificial Sea Water
ASW Australian Standard White (wheat)  consumer survey conducted in February, 2005, found that 22 percent of American adults switched, or considered switching, their mailbox provider within six-month period of the sudy.

As a result, ISPs including America Online See AOL. , Yahoo! and MSN (1) (MicroSoft Network) A family of Internet-based services from Microsoft, which includes a search engine, e-mail (Hotmail), instant messaging (Windows Live Messaging) and a general-purpose portal with news, information and shopping (MSN Directory).  have been working to develop authentication, accreditation and reputation (AAR Aar, river: see Aare. ) techniques to protect users from spam. In November, 2005, MSN began flagging potential incoming spam when its servers could not verify senders' return address information. Any unauthenticated email was promptly transported to the recipients' junk mail See spam and junk faxes.  folders.

Just how important the authentication process has become for nonprofits is up for debate. Michael Della Penna pen·na  
n. pl. pen·nae
A contour feather of a bird, as distinguished from a down feather or a plume.


[Latin, feather; see pet- in Indo-European roots. , chief marketing officer at Epsilon Interactive and chair of the Direct Marketing Association Council for Responsible Email, said that he believes that it is essential for nonprofits to authenticate their email to ensure the most effective delivery.

Authentication allows the ISP or the receiver to verify that the sender is who they say they are, Della Penna said, and it validates that the "from" address and the IP address are from the same person or company. By authenticating your domain with your IP address, in essence, you're telling the ISP or the receiver that this IP address belongs to your nonprofit.

The reason that authentication is so important is that ISPs are incorporating it as part of their checks and balances as it relates to incoming email. A nonprofit should want to come on board quickly because it does a number of things including improving their relationship with the ISPs, Della Penna said, since nonprofits would be buying into the requirements that the ISPs are implementing. It allows organizations to be more transparent and accountable.

Authentication is increasingly becoming required for delivery optimization, Della Penna added. Yahoo!, MSN and AOL (A division of Time Warner, Inc., New York, NY, www.aol.com) The world's largest online information service with access to the Internet, e-mail, chat rooms and a variety of databases and services.  are all incorporating SPF (1) (Stateful Packet Firewall) See stateful inspection.

(2) (Sender Policy Framework) An e-mail authentication system that verifies that the message came from an authorized mail server.  (Sender Policy Framework See SPF. ) or DomainKeys checking into their acceptance and whitelisting processes. Many ISPs have begun to include visual identifiers in the actual emails when an email does not pass an authentication check. Della Penna gave the example that, on Yahoo!, you could get a warning on top of a message saying that Yahoo! is unable to verify the sender.

"It also reduces false positives," Della Penna explained. "As a nonprofit continues to deliver, if you can be validated there is a higher likelihood that the ISP is going to accept that email and you're not going to be put into the bulk mail folder because you're part of the whitelisting program. Microsoft/MSN/Hotmail announced that through their authentication checks, they were able to reduce false positives 5 to 7 percent in the first couple of months alone."

The easiest and most broadly accepted standard is SPF and the more complicated standard is DomainKeys. For Internet Protocol See Internet and TCP/IP.

(networking) Internet Protocol - (IP) The network layer for the TCP/IP protocol suite widely used on Ethernet networks, defined in STD 5, RFC 791. IP is a connectionless, best-effort packet switching protocol.  (IP)-based authentication (or domain level), including Sender ID An e-mail authentication system from Microsoft that is based on Sender Policy Framework (SPF) records in the DNS system. Sender ID uses Microsoft's proprietary Purported Responsible Address (PRA) method for checking the headers within the message body.  Framework and SPE SPE - Software Practice and Experience  the Domain Name System registry is queried to verify that when an cmail that claims to be from a specific domain name (for example: @nonprofit.org) its computer server, or IP address, that sent the message has been authorized in the Domain Name System for that domain.

Cryptographic-based authentication (or message-level), such as Yahoo!'s DomainKeys, utilize public/private key pairs that are created by email senders with one of the keys stored in the Domain Name System or other Internet registry Internet Registry - (IR) The Internet Assigned Numbers Authority has the discretionary authority to delegate portions of its responsibility and, with respect to network address and Autonomous System identifiers, has lodged this responsibility with the IR. , and its matching key used to generate unique message signatures that are embedded in outbound email headers. Mailbox providers authenticate the emails by querying the Domain Name System or other registry to make sure that the signature in the header matches the key stored in the registry. Since DomainKeys utilizes public key encryption See public key cryptography. , it is more complex to implement. Other than Yahoo!, Google GMail currently utilizes DomainKeys.

As the ISPs continue to offer products and services to fight spam, authentication will be helpful in reducing the clutter since more fraudulent and deceptive emails are going to be stopped at the gateway and not left to sort through in the inbox.

"The whole issue of trust and consumer confidence in email is critical for nonprofits in addition to the ability to protect their brand," Della Penna said. "For example, the Red Cross, over the past couple of months, has been one of the most phished brands on the Internet because of all its fundraising activity. Authentication is going to protect the brand and improve the trust in their email initiatives. It will allow consumers to further distinguish between what is a legitimate email and what is a phished email."

While authentication does not hurt an organization's communications in any way, some believe that there are more basic things that nonprofits should tackle before they worry about email authentication See e-mail authentication. .

"I'm not going to say it's not important--it's probably going to become increasingly important--but from what I've seen, people need to worry more about the quality of their email list than authentication because that's where the problems really creep in Verb 1. creep in - enter surreptitiously; "He sneaked in under cover of darkness"; "In this essay, the author's personal feelings creep in"
sneak in

penetrate, perforate - pass into or through, often by overcoming resistance; "The bullet penetrated her chest" ," advised Eric Rogers Eric Rogers (25th September 1921 – 8 April 1981) was a British conductor and composer.

Rogers was interested in music from an early age, and during his attendance at church as a child, he was taught to play the church organ. , program fellow at the IT Resource Center in Chicago.

According to according to
prep.
1. As stated or indicated by; on the authority of: according to historians.

2. In keeping with: according to instructions.

3.  Rogers, early returns indicate that spammers are also very good at getting their email addresses authenticated. The system has a lot of growing up to do, he said, and the requirements and the way authentication operates may change due to tweaks in the system.

The IT Resource Center sends out an e-newsletter every two weeks and the organization has yet to authenticate its email address. Rogers said that there has been no problem getting through to clients who use Yahoo!, Hotmail and the major providers.

"The most basic thing you can do is to send your institutional emails from the same address and send them consistently," Rogers explained. "Don't have email blasts going out from different personal email accounts. All of ours come from our development/marketing associates' email address so people have whitelisted that address. They know who it is when they see it in their email inbox."

The progression of email tactics, Rogers added, is to get your list under control, use good methods to build your list and remain conscientious about keeping it clean. Once those endeavors have been accomplished then it's time It's Time was a successful political campaign run by the Australian Labor Party (ALP) under Gough Whitlam at the 1972 election in Australia. Campaigning on the perceived need for change after 23 years of conservative (Liberal Party of Australia) government, Labor put forward a  to move toward authentication.

Beating negative response

Although positive email authentication serves as only a minor benefit to email deliverability, one of the areas where it can add real value is the use of negative email authentication in combating phishing scams, said David Crooke, chief technology officer at constituent relationship management solutions provider, Convio.

Phishing is not an issue for 99.99 percent of nonprofits, Crooke said, but it can affect large fundraising organizations particularly in the time of crisis, as with Hurricane Katrina Editing of this page by unregistered or newly registered users is currently disabled due to vandalism. . By having email authentication in place, it allows an ISP's spam filters to spot email from phishers that has been forged to appear to come from the organization's regular email "from" address.

"Another way some organizations are protecting their communication is by asking their opt-in members to add them to their email preferences lists, thereby whitelisting them and allowing the organizations' email to get through any spam blockers," Crooke added."But you can't always rely on people following through on those requests so authenticating your email will also help on the server level."

Whether or not authentication should be a high priority, there is no debate that it does not take much of an effort to authenticate an email address. Since there's definitely no harm in doing so, and it takes less than an hour of an IT person's time, nonprofits should go ahead with the process, Crooke advised.

Epsilon Interactive's Della Penna believes that more education throughout the sector is needed." I think the concern is, if a nonprofit is sending an email itself, because there's such a focus on direct mail, it's probably not an issue that is front and center for them. But if a nonprofit has outsourced its email to a vendor, it's probably already taken care of for them." 
I routinely check my junk folder
for legitimate messages

Strongly/Somewhat Agree      52%

Somewhat/Strongly Disagree   45%
Don't Know/No Response        3%

Note: Table made from pie chart.

Source: Epsilon Interactive / NOP World/Rooper ASW

Email I have requested from a
trusted source was delivered to a
junk mail folder

Strongly/Somewhat Agree      32%
Somewhat/Strongly Disagree   63%
Don't Know/No Response        5%

Note: Table made from pie chart.

I recently have lost or did not
receive an email that I was supposed
to receive from a trusted source.

Strongly/Somewhat Agree      25%
Somewhat/Strongly Disagree   72%
Don't Know/No Response        4%

Note: Table made from pie chart.
COPYRIGHT 2006 NPT Publishing Group, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2006, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

 Reader Opinion

Title:

Comment:



 

Article Details
Printer friendly Cite/link Email Feedback
Author:Causer, Craig
Publication:The Non-profit Times
Geographic Code:1USA
Date:Feb 15, 2006
Words:1473
Previous Article:Wimpy Web sites get muscle: navigation and functionality are key to pumping up usage.
Next Article:Software consolidation: Blackbaud acquires rival Campagne Associates.(Industry News ...)
Topics:



Related Articles
Want to stop spam? Multiple techniques in unison is the answer.(Internet)
URL Domain Blacklist effective spam filter.(Virus Notes)
Using SPAM firewalls.(Security News & Products)(Barracuda Networks SPAM Firewall)
America Online Announces Breakthroughs in Fight against Spam.
One in five users affected by daily phishing onslaught.(IT News)
Sunbelt Software announces third-generation "all-in-one" messaging security.(Security News and Products)
Image spam dramatically reduced for customers.(Security)(Brief article)
TIS Solution Business to Offer Email Archiving Solution for Internal Control.
Security news and products; scam contract killer email blackmails recipients with death threat assassination.(SOFTWARE WORLD DIGEST)
Attack poses as spam Katrina.(Security News)

Terms of use | Copyright © 2009 Farlex, Inc. | Feedback | For webmasters | Submit articles