Passwords are convenient for the end user, but it’s too easy to lose control of them. People share them with other people. People write them down, where they can be read. People send them in email, and that email is easily intercepted. People’s web browsers store the passwords, so they can log in automatically. Worst of all, perhaps, people tend to use the same username and password...
What is Two Factor Authentication?
Two factor authentication, or the snappy acronym 2FA, is something that you’re going to be hearing a lot about over the next year or so, both for use by ESP employees (in an attempt to reduce the risks of data theft) and by ESP customers (attempting to reduce the chance of an account being misused to send spam). What is Authentication? In computer security terms authentication is proving...
Authentication and phishing
Yahoo announced today that they are releasing the Yahoo! Mail Anti-Phishing Platform (YMAP) that will help protect their users from phishing. They have a similar project in place for eBay and PayPal mail, but this will extend to a broader range of companies. [W]e’re beefing up Yahoo! Mail’s SpamGuard by adding more security measures that make it much harder for phishers to get to your mailbox...
Phishing protection
Last week Return Path announced a new service: Domain Assurance. This service allows companies who send only authenticated email to protect their brand from phishing attacks. Participating ISPs will reject unauthenticated email from domains participating in this program. Once the sender has ensured that all their email is being authenticated, they can add their domains and sub-domains to the...
ESPs, Non-portable Reputation and Vendor Lock-in
I’ve seen some mentions recently of ESPs suggesting that if you use your own domain in the From: of mail you send through an ESP then that ESP can’t “do email authentication” properly unless they require you to edit your domain’s DNS settings. That’s not really so, but there is a kernel of truth in there. The real situation is, unsurprisingly, a bit more complicated...
Domain Assurance by Return Path
As often happens during MAAWG, email companies are announcing new products. One of the interesting ones is the new Domain Assurance product from Return Path. Domain Assurance […] first audit[s] a company’s email streams to be sure authentication has been properly implemented. Then, the company’s domains are added to a registry. Participating ISPs can check the registry and block...
Who can you trust?
I’ve been recently dealing with a client who is looking at implementing authentication on their domains. He’s done a lot of background research into the schemes and has a relatively firm grasp on the issue. At this point we’re working out what policies he wants to set and how to correctly implement those policies. His questions were well informed for the most part. A few of them...
Goodmail sued for patent infringement
Late last week RPost sued Goodmail for infringing two patents. One patent authenticates content and delivery of documents. The second verifies the message was received by the recipient. Patent #6,182,219: Apparatus and method for authenticating the dispatch and contents of documents. Apparatus and method for authenticating that a sender has sent certain information via a dispatcher to a recipient...
DKIM implementation survey: prelim results
First off, I want to thank everyone who participated in the DKIM implementation survey. This week has been pretty hectic so far, so I haven’t had a chance to actually dig down into the data from the survey, but I thought I’d post some preliminary results. The ESP survey had 45 respondents. 30% of those sent more than 15 million emails a month. Of all the respondents: 40% are signing...
Authenticating email in a court of law
Venkat has a discussion of authentication needed to present emails to a judge when asking for a summary judgment.