The latest figures from Symantec's Security Threat Report and Forrester Research peg spam at 67 percent of all Internet e-mail traffic. In other words, of every 10 messages that come into your network, only about three deserve your attention.
The most widespread current approach to combating spam is to use software that attempts to determine, for each user, what is spam and what is not. This filtering software certainly helps, but we have yet to see a product work with 100 percent accuracy; mistaking legitimate e-mail for spam is an unacceptable byproduct. Can e-mail sender-authentication technologies join with filtering software, adding another layer of security to thwart spammers? We decided to find out.
Inside the Spammer's Mind
E-mail and SMTP weren't designed with security in mind. Consider the resemblance between e-mail and snail mail: When sending a handwritten letter to a friend in California, there are no restrictions that force you to place the correct mailing or return address on the envelope, drop it off at a specific post office, or even place the right letter inside the envelope. Likewise, e-mail systems don't force senders to address their e-mail accurately, place the correct return e-mail address, use a specific e-mail server when sending messages, or type the correct text in the body of the message. Spammers capitalize on these limitations by, for example, never using a correct return address. They maintain lists with hundreds of thousands of e-mail addresses, take a scattershot approach and hope a fair percentage get delivered. Obviously, they're all too successful.
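
The envelope analogy above can be checked on a received message. The following is an added example, not part of the original article: it compares the domain of the return address (recorded by the receiving server in the Return-Path header) with the domain of the visible From header. The sample messages, their addresses and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real traffic); all addresses are made up.
SAMPLES = {
    "aligned": (
        "Return-Path: <alice@example.org>\n"
        "From: Alice <alice@example.org>\n"
        "To: bob@example.net\n"
        "Subject: Lunch\n\nSee you at noon.\n"
    ),
    "mismatched": (
        "Return-Path: <bounce-123@bulk.example.com>\n"
        "From: \"Your Bank\" <support@bank.example>\n"
        "To: bob@example.net\n"
        "Subject: Account notice\n\nPlease review.\n"
    ),
    "no_return_path": (
        "From: someone@example.org\n"
        "To: bob@example.net\n"
        "Subject: Hi\n\nHello.\n"
    ),
}

def domain_of(header_value):
    """Return the lowercased domain of an address header, or None."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()

def sender_alignment(raw_message):
    """Classify a message by comparing return-address and From domains."""
    msg = message_from_string(raw_message)
    envelope = domain_of(msg.get("Return-Path"))  # the "return address"
    visible = domain_of(msg.get("From"))          # what the reader sees
    if envelope is None or visible is None:
        return "unknown"
    return "aligned" if envelope == visible else "mismatched"

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", sender_alignment(raw))
```

A mismatch is a signal for a filter to weigh, not a verdict, since legitimate bulk and mailing-list mail often uses a different return address. Both fields are supplied by the sender and SMTP itself verifies neither.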