Hotmail Implements E-mail Authentication

Jun 22, 2005 11:31 PM  By

According to a 2004 study by the Pew Research Center, 63% of consumers trusted e-mail less than they had the previous year. Redmond, WA-based Microsoft is trying to turn that tide by notifying its Hotmail customers when Sender ID protocol is unable to verify the authenticity of an e-mail message. Beginning this week, nonauthenticated messages will be placed into a customer’s junk folder or deleted altogether in conjunction with other spam filters.

E-mail authentication is a program that protects the unauthorized use of brands online and cuts down on spam (unsolicited commercial e-mail), spoofing (e-mails with altered “from” addresses that appear to come from a legitimate sender), phishing (an attempt to gather personal information by pretending to be a legitimate source), and other types of online fraud. Authentication options have been discussed and debated during the past 18 months, with two programs surfacing as leaders.

The first is Sender ID Framework (SIDF), an Internet Protocol (IP)-based solution that combines Sender Policy Framework (SPF) and the Microsoft Caller ID for e-mail. The program checks and validates the sending server’s IP address to ensure the sending domain is authorized to send mail on its behalf. The inbound mail server then rates the e-mail as either passing or not passing and sends it through the recipient’s existing antispam filters. Sender ID is being implemented worldwide, is royalty free, and can be implemented by both business e-mail environments of all sizes and Internet service providers.

The second option is DKIM, which combines Yahoo! DomainKeys and Cicso’s Identified Internet Mail (IIM) specifications. The programs generate a digital signature that is sent to an e-mail recipient’s mail server, where it is verified and put through the user’s other antispam tests. If the digital signature isn’t verified, the e-mail can be dropped, flagged, or quarantined.

Although not yet an open Internet standard, Yahoo! has submitted the DomainKeys framework for publication with the Internet Engineering Task Force.