width= Webcast: Chilling Changes in the Server Room. March 20. How to Stave Off High Cooling Bills & Power Costs.

Images Events Jobs Premium Services Media Kit Network Map E-mail Offers Vendor Solutions Webcasts
IT Management Webcasts:
Developing and Implementing a Rollout Plan

Asking the Right Questions

Using ITIL to Manage Virtualization

IT Portfolio Rationalization

Understanding the Role of the Configuration Management Database (CMDB) in ITIL

'They Did What?!'

More Business/IT Alignment Webcasts

More ITSM Webcasts

Search EarthWeb Network

Be a Commerce Partner
PDA Phones & Cases
KVM over IP
Online IT Degrees
Home Mortgage Loans
Cheap Plasma TVs
Promotional Pens
Buy Text Link Ads
Help Desks
Franchise Directory
Promote Your Website
IT Degrees Online
New Car Prices

Travel Ideas:
Huatulco Vacations
Copper Mountain Ski
Telluride Hotels
Colorado Vacation Rentals
Destin Hotels
Miami Hotel
Orlando Vacations
IT Management : Columns : Executive Tech: Can You Prove Your E-Mail Isn't Spam?

Just click on the webcast of your choice to register:
How to Keep Your Remote Data Secure and Available
March 21, 2007 (2 p.m. EDT, 11 a.m. PDT)
Ever-increasing amounts of data continues to be accessed, generated and stored in remote office branch offices (ROBO) environments. Given the increasing threats to information and privacy concerns, data for ROBO environments needs to be protected in a timely and effective manner. Learn about your options for protecting ROBO data.
Register Now >
Thwarting Targeted Attacks
March 29, 2007 (2 p.m. EDT, 11 a.m. PDT)
Organizations continue to face threats from random acts of IT malice launched by amateurs. But the real danger comes from professionals targeting specific people or organizations. Attend this webcast and learn what you can do to prepare your organization for focused and determined attempts to exploit both their personnel and networks.
Register Now >
They Did What!?—Steps to Reducing Business and IT Miscommunication
March 19, 2007 (2 p.m. EDT, 11 a.m. PDT)
Nearly every IT manager has experienced a miscommunication with the business side that caused big problems. Not only is miscommunication between IT and the business almost universal, it can happen both ways. Learn about the steps you can take to reduce miscommunication.
Register Now >
Chilling Changes in the Server Room
March 20, 2007 (2 p.m. EDT, 11 a.m. PDT)
The more your organization depends upon the network and your servers, the more heat they produce and the more power they consume. Learn about technological and data center changes that are driving your cooling bills through the roof and what you can do to stave off higher cooling bills and power costs.
Register Now >

- ITSMWatch Newsletter -
IT Focus
Coping With Compliance

Sarbanes-Oxley and other reporting requirements have greatly complicated the jobs of many IT professionals. These articles include advice, information and tips for effectively managing your compliance efforts.

Looking for the Silver Lining

Compliance Threatened by Archive Failures

10 Tips for Managing 404 Compliance

Sharing the Burden of Compliance

Corporate Compliance Regulations and Standards

Product Watch
CLARiiON - Disk Based Mid-Tier Arrays From 3 To 480 Drives
Sun x8 Express Ethernet Cards - Quad GigE and Dual 10 GigE PCI-E Cards
Fanurio - Time Tracking Software for Freelancers
GFI LANguard Network Security Scanner (N.S.S.) - With Vulnerability Scanning and Patch Management Features
mirabyte Feed Writer - RSS Editor

more products >>

Datamation Definitions
data mining
grid computing
network appliance
FREE Tech Newsletters

Are blades right for you? Don't guess. Assess. IBM BladeCenter can simplify your infrastructure. This online tool, co-sponsored by AMD™ Opteron™, helps determine if blades are right for you.

Can You Prove Your E-Mail Isn't Spam?
November 8, 2006
By Brian Livingston

Brian Livingston There are some simple steps your company can take to demonstrate that the e-mails you're sending aren't spam. If you're not taking them, many recipients are now ready and willing to filter your messages into the trash.

Large corporations have adopted new forms of "authenticated e-mail" at an astonishing rate. About 75 percent of Fortune 100 companies are now publishing Sender ID records. These text records list all IP addresses that are permitted to originate a company's legitimate e-mails. Meanwhile, 45 percent of the firms are using a stronger form of proof. They're digitally signing their e-mails using a technique called DomainKeys. The newer DomainKeys standard is expected by experts to achieve Sender ID's adoption rate within a year.

Smaller companies have lower rates of compliance than the Fortune 100, so far. But the benefits of authenticating outbound e-mails can be just as great for small firms as for large ones. Most Internet service providers are now evaluating incoming messages to see whether the sender bothered to establish a proven identity. If your company isn't doing so, your messages are already being treated as suspect by some ISPs.

Phishing and Identity Theft Make Proof Essential

The move toward authenticated e-mail is being hastened by large financial institutions. These companies are constant targets of fraudulent "phishing" e-mails that pose as legitimate customer-service messages. But it's not just banks that have a stake in the game. Companies with any e-commerce role, large or small, need the buying public to trust Web transactions.

Erik Johnson, a Bank of America vice president, reported a series of heart-stopping statistics in a PDF presentation at the E-Mail Authentication Summit, a conference held last month in Chicago:

14 percent of Americans have stopped using online banking or bill-payment services because of fraud concerns;

20 percent will no longer open any e-mails, legitimate or not, that claim to be from a financial institution they bank with;

26 percent won't use any online financial products, period.

Imagine that the above figures are growing. Then, fill in the words, "Won't buy my company's online products or services..." This should give you an idea of the tremendous investment your company has in fixing the problem of fraudulent e-mail.

Adding DomainKeys to Your Outbound Mail

DomainKeys provides stronger identification of e-mail messages than does Sender ID. That's because Sender ID merely specifies the IP addresses from which a company's legitimate e-mails may originate. DomainKeys, by contrast, involves digitally signing each message. The signature asserts that the sender was authorized to use the company's secret digital certificate. Signing a message also makes it impossible for anyone to alter the contents.

Adding DomainKeys signatures to every outbound message is a step that all companies will want to take as soon as possible. Doing this isn't a technical problem as much as it's a matter of preparing your company for the shift.

How One Company is Handling the Transition

In a telephone interview, Bank of America's Johnson explained how the firm's messages are gradually being converted to DomainKeys signing.

The first step for his company, or any company, Johnson says, is to make an inventory of the in-house staff and any outside vendors that send legitimate e-mails. "We have one domain that we use for some marketing purposes that we outsource," he explains. "We have DK and DKIM [DomainKeys Identified Mail, a later variant] set up on that server. That's sort of a pilot that we're watching."

Whether the bank's many other e-mail service providers will add DomainKeys signing is something that can affect the business relationship. "It would definitely factor in," Johnson says. "It's more important that we authenticate mail than that we use a particular vendor."

Both DomainKeys and Sender ID support a digital "flag" that tells ISPs, "You should now accept e-mails bearing our domain name only if they pass a DomainKeys or Sender ID test." Johnson says the Bank of America, like many businesses, is considering turning this flag on. But it can do so only when its upgrade process is complete.

"We want to do that," confirms Johnson, "but we want to make sure we're 100 percent ready before we flip that switch. It may be eight months before we even consider that."

The sooner that day comes for your business, the sooner your messages can get all the benefits ISPs are granting to authenticated mail. Yahoo Mail and MSN/Hotmail, two of the world's largest e-mail services, for months have been tagging incoming mails with labels that essentially say "this message is valid" and "this message is not valid." Other ISPs are rapidly adding similar alerts that will be just as visible to users.

The Mechanics of DomainKeys Signing

If your company uses one of many popular e-mail server programs, adding DomainKeys signing to your outbound mail may be as easy as installing an add-on program. Yahoo, one of the original backers of DomainKeys, maintains a list of plug-ins for Sendmail, Qmail, Postfix, and many other mail applications. For users of Microsoft's Exchange Server 2003, a C# .NET implementation developed by CERN is available.

The mere fact that a message is DomainKeys signed doesn't ensure it's legitimate. But ISPs can reliably tie DomainKeys signed messages to the domains they came from. These ISPs then accept or reject the messages based on how "spammy" that domain's mail has been in the past.

Messages that are not DomainKeys signed increasingly will be treated as "probable spam" by more and more ISPs. Now is the time to start adding DomainKeys to your mail server to avoid this penalty.

Brian Livingston is the editor of WindowsSecrets.com and the co-author of Windows Vista Secrets and 10 other books. Send story ideas to him via his contact page. To subscribe free and receive Executive Tech via e-mail, visit our signup page.

Executive Tech Archives

JupiterWeb networks:


Search JupiterWeb:

Jupitermedia Corporate Info

Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Newsletters | Tech Jobs | E-mail Offers