E-Mail Authentication Summit II Set for April 19; Microsoft's Craig Spiezle on Need to Implement Authenticated E-Mail
February 24, 2006 – The Direct Marketing Association’s (DMA) new requirement that members employ e-mail identification and authentication systems to verify the authenticity of legitimate e-mail messages took effect February 1, 2006.
To assist members to understand e-mail authentication and comply with this new requirement, DMA has twice presented a virtual seminar and offers numerous resources on e-mail authentication in the Antispam Section of its Web site at http://www.the-dma.org/antispam.
Now, DMA will be one of the underwriters of E-Mail Authentication Summit II, which will be held in Chicago on Wednesday, April 19, 2006. The first summit was held in New York City on July 12, 2005.
In addition to DMA, other members of the summit’s steering committee and event underwriters are AOL, the Anti-Phishing Working Group (APWG), Cisco Systems, Digital Impact, DoubleClick, Email Sender & Provider Coalition (ESPC), GoodmailSystems, Habeas, IronPort Systems, Microsoft, Return Path, Skylist, StrongMail, and Symantec.
Craig Spiezle, Director, Microsoft Technology Care and Safety and Chair of emailauthentication.org, provides the following information regarding e-mail authentication and the April 19 summit.
* * *
As an important part of the critical business infrastructure, email enables reliable communication among customers and partners to further global business relations, ecommerce and online banking. Unfortunately, spammers and phishers continue to exploit this infrastructure, creating security risks for users and jeopardizing the brands and domains of businesses worldwide.
Tremendous progress has been made in the fight against spam. Advances in email filtering technologies and continued anti-spam enforcement efforts have made spamming more difficult and, thus, a less rewarding and less profitable business. Still, spammers, and a growing breed of phishers, continue to become more creative and malicious in their attempts to rob users of their security, privacy and financial assets. These scammers are notorious for exploiting the lack of verifiable identity in email to trick filters and email recipients into thinking a message is coming from a legitimate and trusted source.
Fortunately the industry is making headway through a combination of innovative technologies that provide prescriptive guidance, effective legislation and enforcement and industry collaboration. One of the most promising efforts to date—one that is already demonstrating real results—is email authentication.
By providing a mechanism by which a sender’s identity can be confirmed, these technologies provide valuable input to spam filters and to accreditation and reputation solutions. This helps receiving networks better detect spam while improving the deliverability of legitimate email.
What’s New In E-Mail Authentication?
Over the past 18 months, authenticated mail has evolved significantly from concept to implementation with two complementary royalty-free approaches: the Sender ID Framework (SIDF) and DomainKeys Identified Mail (DKIM). SIDF is an Internet Protocol (IP)–based solution that was developed from the merger of the Sender Policy Framework (SPF) and the Microsoft Caller ID for Email. DKIM is the merger of Yahoo! DomainKeys and Cisco’s Identified Internet Mail (IIM) specifications.
During the past year, the industry has made significant progress in email authentication and other efforts to curb spam and online phishing exploits. Based on a recent analysis by VeriSign and MarkMonitor, approximately 2.5 million domains are now publishing SIDF records, which together account for more than 3 billion emails daily. Combined with DKIM, more than a third of Internet email is already being authenticated! While some spammers were early adopters of these specifications, their known “spamming reputation” allows receiving mail transfer agents (MTAs) and real time block lists (RBLs) to detect and block them, fulfilling the promise of authentication.
Today, both the Direct Marketing Association (DMA) and the Email Service Provider Coalition (ESPC) require their members to authenticate all outbound email. In part from this call-to-action, in addition to the continued industry collaboration and support for authentication from the Anti-Phishing Working Group, Federal Trade Commission, TRUSTe and other industry stakeholders, over 80 percent of the Fortune 200 companies are now authenticating their outbound marketing email.
Demonstrating industry support and adoption momentum to help meet the needs of businesses of all sizes, over a dozen MTA and anti-spam vendors are currently shipping products which are now SIDF and or DKIM enabled. Leading best of breed solutions are available today from Barracuda Networks, CipherTrust, Cisco, Cloudmark, ICONIX, IronPort, MailFrontier, Microsoft Exchange, OmniTI, Port25, SKYLIST, Sendmail, StrongMail and Symantec. Results from leading ISPs including AOL and MSN Hotmail, and commerce and banking sites who have adopted authentication mechanisms show improved spam detection and enhanced sender reputation scoring, resulting in a reduction in false-positive incidents among authenticated email senders.
For additional information on authentication and reputation resources, visit www.emailauthentication.org which provides email tools and resources to assist the IT and business communities.
Authentication Summit II is a full day conference designed for IT professionals, marketers and business decisions makers who are looking to reduce spam from hitting their networks, improve deliverability and confidence in email, protect users from phishing exploits and protect their domains and brands from online exploits. With user confidence being tarnished by spam, phishing and ID theft, this event provides an opportunity to help ensure the viability of the Internet and confidence in electronic messaging.
Hosted at the Chicago Hilton, attendees will learn the latest advances in email authentication including the Sender ID Framework (SIDF) and DomainKeys Identified Mail (DKIM) and the importance to authenticate both inbound and outbound email. The Summit will focus on real life results and prescriptive information, including customer deployment data and case studies. The program will include general sessions and keynotes in the morning followed by afternoon intensives. The technical sessions are designed for IT, security and technical professionals and the marketing sessions are targeted for the email marketing, ecommerce and business decision makers.
· Evolution & Future of Electronic Messaging and Communications - Thinking outside of today's inbox.
· Impact to Consumer Trust & Confidence - How authentication is defending against phishing.
· State of the State of Authentication - Scorecard and view of the Fortune 500, ecommerce and financial services industries.
· Case study from Bank of America - What it takes to authenticate inbound & outbound mail.
· Impact to email deliverability and false positives.
· Deep Dive into DKIM and Sender ID - How they are better combined than alone. Includes use case scenarios and lessons learned.
· Beyond Authentication - Secure messaging and message level security.
· Self Protection, Prevention & Compliance - What a domain holder can do to protect and prevent their domain from being compromised. (Case Study)
Summit attendees will have the opportunity to meet with executives and technical architects from over thirty companies, demonstrating the latest technologies and services enhancing online safety, secure email and emarketing strategies. As part of the program and evening reception, this is a premier networking event!
How to Attend
To attend E-mail Authentication Summit II, visit www.emailauthentication.org/summit2006.
Register by March 15 and save $100 on your registration. Do not miss this important industry gathering. Register today.
# # #
back to top