FEATURE EDITORIAL

Protection Tactic: Authentication

With the threat of having others steal what amounts to a corporate identity and reputation, many organizations searching for ways to protect their brands have found a key step in authentication. Adoption of email and domain authentication technology by major fortune 500 brands has reached a tipping point. According to December research from the Authentication and Online Trust Alliance (AOTA), over 50 percent of legitimate email sent worldwide on a daily basis from over 15 million domain holders is authenticated. The AOTA was founded in October 2004 at a time when phishing was a relatively new phenomenon and is a vendor-neutral group that promotes the benefits of Internet safety and represents over one million businesses and 500 million users worldwide. Its current research, State of Email Authentication and the Internet Trust Ecosystem, highlights how top Fortune 500 and Internet retailers have adopted Sender ID (SIDF) and DomainKeys Identified Mail (DKIM)—the leading standards of authentication.

Verification by either DKIM and or SIDF, when coupled with reputation data, allows ISPs and receiving networks to make enhanced decisions on whether or not to deliver email into the inbox, junk or bulk mail folder, or to quarantine and/or block the email. The AOTA promotes this approach because it has the potential to reduce consumer risk while enhancing deliverability and click through of legitimate email.

When Craig Spiezle, chairman of AOTA and director of Internet Security & Privacy at Microsoft Corporation is asked: what is the business value for authenticating? His response is that ultimately it is protecting against the threats that impact the brand. "Email authentication is really only the first part, which is about the identity and knowledge of who the sender is," explains Spiezle. "However, it does not tell what we know about him. The majority of ISPs have not figured out reputation data today." Spiezle cites this as an area where more needs to be done. "ISPs need to step up to the plate and do more—more on the inbound issue of authentication, and application of reputation, as well as better control of outbound spam from the networks." Looking from 2005 to today, the threat landscape has changed. "There wasn't look-a-like domain issues at the magnitude we have today, even just a few years ago," observes Spiezle.

AOTA Summit 2008

As in past, the AOTA is planning its annual summit to take place June 4th and 5th in the Pacific Northwest at the Westin Seattle. Reaching the Tipping Point: Future of Online Trust will focuses on case studies and best practices with the goal of providing attendees actionable advice to protect brand, customers and infrastructure. According to Spiezle, the summit will offer over 25 sessions and is an example of the variety of stakeholders gathering with representation from more than 50 businesses, including government, marketing and technology experts. "We have not diluted the original intent, but this year we build upon authentication as a key solution. If you look at the agenda, there are as many sessions on email authentication as before. One of the important things to remember is that while many of us may feel like we have done this many times, we are still preaching to the choir. A majority of businesses do not know about this. The Summit offers the opportunity to share not only best practices, but also the business value for all business sizes and types."

The research from December will be updated in June, in time to share with Summit attendees. Spiezle notes that as evidenced by the research the numbers of organizations authenticating is growing, but he is realistic, stating that it will take time. He also points out that AOTA evaluates the corporate domain when determining adoption. AOTA recognizes a higher percentage of the Fortune 500 has authenticated their marketing domains. For example, if a corporation authenticated email.corporation.com, but not corporation.com, AOTA does not classify that corporation as an adopter. AOTA utilizes this definition because the majority of phishing attacks are perpetrated against corporate domains, which are most recognizable to consumers.

Registration for AOTA Summit 2008 is currently underway.

New Email Security Gateway for Exchange/SMTP Servers

This week Alt-N Technologies announced the release of its newest product to provide affordable email security firewall protection against spam, viruses, phishing, spoofing, and other forms of Malware. The company says its SecurityGateway for Exchange/SMTP Servers incorporates the powerful SIEVE email filtering language with proven security technologies into a product that delivers simple, easy-to-use features to protect, analyze, manage, and report on the inbound and outbound email traffic patterns of Microsoft's Exchange Server or any SMTP email server. "Our focus has always been to do everything possible to keep the junk messages and other threats out of the user's inbox," said Arvel Hathcock, founder and CEO of Alt-N Technologies. "The need for a cost effective edge role security gateway filter to protect mail servers from spam and other forms of Malware has never been greater. However, without a clear understanding of email technology, many products still deliver high false positive rates and users remain frustrated with the performance of their solution. So we have combined our expertise in email delivery technology with our award-winning email security features to develop an entirely new product that meets the needs of any customer using an Exchange or other SMTP mail server. The result is an email security product that delivers simple administration, powerful filtering, and accurate results."

SecurityGateway for Exchange/SMTP Servers starts at USD $595 and supports small business as well as Enterprise installations. It will be initially released as a software product. An appliance form factor is scheduled in mid-2008.

MESSAGING NEWS CASE STUDY BRIEF:

Real World Solutions from People in the Trenches featuring Teneros and DLR Group

Headquartered in Omaha, Neb., DLR Group specializes in architecture, engineering, planning and interiors projects. The company uses Microsoft Exchange server for its email communications, and 40 percent of its 700 mailboxes are regularly accessed via mobile devices in addition to the desktop. DLR group had a monthly average of 30 to 60 minutes scheduled email downtime for maintenance, and it also experienced occasional unplanned email outages. Since installing Teneros Application Continuity Appliance, for high-availability of Microsoft Exchange at the end of 2007, the company has had one hundred percent continuous email availability for its employees.

"I just love the Teneros appliance," says Gin McMillan, DLR Group IT director. "It was very easy and straightforward to install, and it works great, which means that's one less thing my team has to worry about. We recently had an incident where we experienced an unplanned Exchange outage that lasted a couple of days, but our email stayed up the entire time because it was running on the Teneros appliance. So the Teneros appliance has already paid for itself."

We welcome your ideas and your news for Messaging Newswire’s News & Trends in Email Security. Let us know what you think by sending your comments to editorial@messagingnews.com. Written or compiled by Stephanie Jordan. All trademarks are the property of their respective owners.

For marketing information on this newsletter or other Messaging News products contact jvictor@messagingnews.com