Sender ID: The Next Wave in Email Protection
So what's all this talk about "Sender ID" and what
exactly does it mean to you as an email user? Sender
ID is the convergence of Microsoft's "Caller ID" and
Meng Wong's "Sender Policy Framework" (SPF). What Sender ID does is verify that every piece of
email sent actually did originate from the domain
it claims to have come from, based on the sender's
server IP. The majority of junk email being sent uses forged
sender addresses. This practice is also known as
"Spoofing." Spoofing goes hand in hand with a
scam called "Phishing." This is where someone
sends spoofed email, usually pretending to be
from your Bank, credit card companies or other
highly trusted organizations, trying to get you
to divulge your credit card numbers,usernames
or passwords -- even your social security number.
Once the phisher obtains this information, it is
used to hack into your financial accounts or make
unauthorized charges on your cards. For more on
Phishing, see this site: http://www.antiphishing.org/
Sender ID will hopefully prevent these types of
practices completely. A draft proposal of Sender ID was sent for review
to the "Internet Engineering Task Force" for
consideration as an Industry Standard for email
authentication. The task force's decision remains to be seen.
Microsoft recently threw a wrench in the mix by
deciding to demand a registration license for
their part of the Sender ID Program. Since the
new protocols need to be freely available to the
public, this is causing additional problems. Here's a quick breakdown of the Sender ID
process in a nutshell: 1) All email servers must publish the ID
address of their outbound email servers
in the DNS (Domain Name System) 2) When email is received, each system looks
at the incoming messages to determine if they
did indeed originate from the domains
listed. 3) This verification is determined by querying
the DNS for the list of outbound email server
IP addresses for that particular domain. If
the IP the email was sent from is not in that
list, it is most likely a spoofed message. Remember, sender ID offers no guarantee that
your email will be delivered, nor does it solve
the huge Spam problem, but it will stop Domain
Identity Theft by spoofers. For more information, even an online wizard to
help you create your own SPF text record see
http://microsoft.com/mscorp/twc/privacy/spam_senderid.mspx
another great resource with some very handy
tools is http://spf.pobox.com
|