Images Events Premium Services Media Kit Network Map E-mail Offers Vendor Solutions Webcasts
Search EarthWeb Network

Be a Commerce Partner
MICR Check Printing
Laptop Computers
Prepaid Phone Card
Promotional Gifts
Cheap Plane Tickets
Domain registration
Plasma Televisions
Franchise Directory
Online Universities
Server Racks
Computer Memory
Cheap Airline Tickets
Promotional Giveaways

IT Management : Columns : Executive Tech: Can You Prove Your E-Mail Isn't Spam?

Transforming IT with a New Enterprise Architecture
The Intel® Software Insight covers the convergence of virtualization, Grid, and SOA; Intel® Software Development Products; how Pixar used those tools to develop its RenderMan* software; and how Intel. Platform Administration Technology is helping reduce IT administration burdens and increase. Download now
Outdoor Wireless Networks with RFID Technology
Outdoor wireless networks hold potential for many kinds of outdoor venues. Employing the latest in broadband wireless and Wi-Fi technology, portable outdoor wireless networks with RFID technology deliver real-time information and data capture over the Internet despite environmental challenges Download now
Protecting XML Web Services
Guide to the Intel® XML Security Gateway: A purpose-built product that delivers comprehensive, high performance protection for XML Web services. Download now
Simplify XML Policy Management
Guide to the Intel® XML Configuration Manager: A powerful management platform that provides fast, easy creation and distribution of policies for XML security, routing, and acceleration. Download now
Accelerate Your Web Services
Guide to the Intel. XML Accelerator: Provides industry leading processing of XML and significantly improves the performance and response of XML Web service applications.Download now
Intel SSG Solution Center

Related Articles
Sender ID, DomainKeys Are Hammering Spam
How Good is Goodmail, Really?
Designer Says Vista Font is Original
Is Microsoft's Vista Font Just a Copy?
- ITSMWatch Newsletter -
IT Focus
Coping With Compliance

Sarbanes-Oxley and other reporting requirements have greatly complicated the jobs of many IT professionals. These articles include advice, information and tips for effectively managing your compliance efforts.

Looking for the Silver Lining

Compliance Threatened by Archive Failures

10 Tips for Managing 404 Compliance

Sharing the Burden of Compliance

Corporate Compliance Regulations and Standards

Product Watch
Log Management Service - Application Level Event Log Monitoring Service
MegaRAID - PCI Adapters Offer RAID Capabilities
Digipass - Token Based Authentication Platform
BI Documenter - SQL Documentation Tool
Senforce Endpoint Security Suite - Create and Enforce Security Policies on Endpoint Devices

more products >>

Datamation Definitions
data mining
grid computing
network appliance
FREE Tech Newsletters

IBM Backup and Recovery You need a backup and recovery system that performs in the background, so you donít have to stop while itís doing its work. IBM System Storage has a solution. Learn more.

Can You Prove Your E-Mail Isn't Spam?
May 16, 2006
By Brian Livingston

Brian Livingston There are some simple steps your company can take to demonstrate that the e-mails you're sending aren't spam. If you're not taking them, many recipients are now ready and willing to filter your messages into the trash.

I reported last week that large corporations have adopted new forms of "authenticated e-mail" at an astonishing rate. About 75 percent of Fortune 100 companies are now publishing Sender ID records. These text records list all IP addresses that are permitted to originate a company's legitimate e-mails. Meanwhile, 45 percent of the firms are using a stronger form of proof. They're digitally signing their e-mails using a technique called DomainKeys. The newer DomainKeys standard is expected by experts to achieve Sender ID's adoption rate within a year.

Smaller companies have lower rates of compliance than the Fortune 100, so far. But the benefits of authenticating outbound e-mails can be just as great for small firms as for large ones. Most Internet service providers are now evaluating incoming messages to see whether the sender bothered to establish a proven identity. If your company isn't doing so, your messages are already being treated as suspect by some ISPs.

Phishing and Identity Theft Make Proof Essential

The move toward authenticated e-mail is being hastened by large financial institutions. These companies are constant targets of fraudulent "phishing" e-mails that pose as legitimate customer-service messages. But it's not just banks that have a stake in the game. Companies with any e-commerce role, large or small, need the buying public to trust Web transactions.

Erik Johnson, a Bank of America vice president, reported a series of heart-stopping statistics in a PDF presentation at the E-Mail Authentication Summit, a conference held last month in Chicago:

14 percent of Americans have stopped using online banking or bill-payment services because of fraud concerns;

20 percent will no longer open any e-mails, legitimate or not, that claim to be from a financial institution they bank with;

26 percent won't use any online financial products, period.

Imagine that the above figures are growing. Then, fill in the words, "Won't buy my company's online products or services..." This should give you an idea of the tremendous investment your company has in fixing the problem of fraudulent e-mail.

Adding DomainKeys to Your Outbound Mail

DomainKeys provides stronger identification of e-mail messages than does Sender ID. That's because Sender ID merely specifies the IP addresses from which a company's legitimate e-mails may originate. DomainKeys, by contrast, involves digitally signing each message. The signature asserts that the sender was authorized to use the company's secret digital certificate. Signing a message also makes it impossible for anyone to alter the contents.

Adding DomainKeys signatures to every outbound message is a step that all companies will want to take as soon as possible. Doing this isn't a technical problem as much as it's a matter of preparing your company for the shift.

How One Company is Handling the Transition

In a telephone interview, Bank of America's Johnson explained how the firm's messages are gradually being converted to DomainKeys signing.

The first step for his company, or any company, Johnson says, is to make an inventory of the in-house staff and any outside vendors that send legitimate e-mails. "We have one domain that we use for some marketing purposes that we outsource," he explains. "We have DK and DKIM [DomainKeys Identified Mail, a later variant] set up on that server. That's sort of a pilot that we're watching."

Whether the bank's many other e-mail service providers will add DomainKeys signing is something that can affect the business relationship. "It would definitely factor in," Johnson says. "It's more important that we authenticate mail than that we use a particular vendor."

Both DomainKeys and Sender ID support a digital "flag" that tells ISPs, "You should now accept e-mails bearing our domain name only if they pass a DomainKeys or Sender ID test." Johnson says the Bank of America, like many businesses, is considering turning this flag on. But it can do so only when its upgrade process is complete.

"We want to do that," confirms Johnson, "but we want to make sure we're 100 percent ready before we flip that switch. It may be eight months before we even consider that."

The sooner that day comes for your business, the sooner your messages can get all the benefits ISPs are granting to authenticated mail. Yahoo Mail and MSN/Hotmail, two of the world's largest e-mail services, for months have been tagging incoming mails with labels that essentially say "this message is valid" and "this message is not valid." Other ISPs are rapidly adding similar alerts that will be just as visible to users.

The Mechanics of DomainKeys Signing

If your company uses one of many popular e-mail server programs, adding DomainKeys signing to your outbound mail may be as easy as installing an add-on program. Yahoo, one of the original backers of DomainKeys, maintains a list of plug-ins for Sendmail, Qmail, Postfix, and many other mail applications. For users of Microsoft's Exchange Server 2003, a C# .NET implementation developed by CERN is available.

The mere fact that a message is DomainKeys signed doesn't ensure it's legitimate. But ISPs can reliably tie DomainKeys signed messages to the domains they came from. These ISPs then accept or reject the messages based on how "spammy" that domain's mail has been in the past.

Messages that are not DomainKeys signed increasingly will be treated as "probable spam" by more and more ISPs. Now is the time to start adding DomainKeys to your mail server to avoid this penalty.

Brian Livingston is the editor of and the coauthor of "Windows Me Secrets" and nine other books. Send story ideas to him via his contact page. To subscribe free and receive Executive Tech via e-mail, visit our signup page.

Executive Tech Archives

JupiterWeb networks:

Search JupiterWeb:

Jupitermedia Corporate Info

Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Newsletters | Tech Jobs | E-mail Offers