Feb 19

To ensure maximum delivery and to help separate legitimate e-mail from fraud, senders should adopt e-mail authentication specifications as quickly as possible. This task is difficult, however, because the specifications can be complex, there are several competing standards that are subject to change, and different receivers prefer different methods of authentication. Two such specifications are Sender ID and DomainKeys.

Sender ID

The Sender ID Framework is an e-mail authentication protocol that helps address the problem of spoofing and phishing by verifying the domain name from which e-mail messages are sent. Sender ID validates the origin of e-mail messages by verifying the IP address of the sender against the alleged owner of the sending domain. Now adopted by more than 10 million domains worldwide, Sender ID is providing brand owners, senders, and receiving networks with significant business and technical value.

Sender ID seeks to verify that every e-mail message originates from the Internet domain from which it claims to have been sent.

This is accomplished by checking the address of the server that sent the mail against a registered list of servers that the domain owner has authorized to send e-mail. This verification is automatically performed by the Internet service provider (ISP) or the recipient’s mail server before the e-mail message is delivered. The result of the Sender ID check can be incorporated into the filtering tasks that are already performed by the mail server. After the sender has been authenticated, the mail server may apply conventional content filters and consider past behaviors, traffic patterns, and sender reputation when determining whether to deliver mail to the recipient.

To use the Sender ID Framework (SIDF), e-mail senders and domain owners must publish or declare all of the Internet Protocol (IP) addresses used by their outbound e-mail servers, or the IPs authorized to send e-mail on their behalf, in the Domain Name System (DNS). These IPs are listed in a Sender Policy Framework (SPF) text (TXT) record.

DomainKeys

DomainKeys adds a header named “DomainKey-Signature” that contains a digital signature of the contents of the mail message. By default, the authentication mechanism uses SHA-1 as the cryptographic hash and RSA as the public-key encryption scheme, and encodes the encrypted hash using Base64.

The receiving SMTP server then uses the name of the domain from which the mail originated, the string _domainkey, and a selector from the header to perform a DNS lookup. The returned data includes the domain’s public key. The receiver can then decrypt the hash value in the header field and at the same time recalculate the hash value for the mail body that was received, from the point immediately following the “DomainKey-Signature:” header. If the two values match, this cryptographically proves that the mail originated at the purported domain and has not been tampered with in transit.
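The lookup and hash comparison described above, as an added example that is not part of the original post or of any DomainKeys implementation. The toy RSA key (built from two Mersenne primes and not secure), the selector `mail2008`, the domain `example.com` and all function names are constructed; canonicalization and parsing of the DNS key record are left out, so the public key is passed in as integers.

```python
import base64
import hashlib

# ASN.1 DigestInfo prefix for SHA-1, as used in PKCS #1 v1.5 signatures.
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

# Constructed toy key: illustration only, never use such primes in practice.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes


def parse_tags(value):
    """Split 'a=rsa-sha1; s=sel; d=dom; b=...' into a dict of tag values."""
    pairs = (item.split("=", 1) for item in value.split(";") if "=" in item)
    return {k.strip(): "".join(v.split()) for k, v in pairs}


def key_query_name(header_value):
    """DNS name the receiver queries: <selector>._domainkey.<domain>."""
    sig = parse_tags(header_value)
    return f"{sig['s']}._domainkey.{sig['d']}"


def encode(data):
    """Padded SHA-1 hash block that the signature must decrypt to."""
    digest = SHA1_PREFIX + hashlib.sha1(data).digest()
    return b"\x00\x01" + b"\xff" * (K - len(digest) - 3) + b"\x00" + digest


def sign(data):
    """Sender side: value for the b= tag (stand-in for the signing server)."""
    sig = pow(int.from_bytes(encode(data), "big"), D, N)
    return base64.b64encode(sig.to_bytes(K, "big")).decode()


def verify(header_value, data, n=N, e=E):
    """Receiver side: recover the signed hash and compare with a fresh one."""
    sig = parse_tags(header_value)
    if sig.get("a") != "rsa-sha1":
        return False  # only the default algorithm is handled here
    raw = base64.b64decode(sig.get("b", ""))
    recovered = pow(int.from_bytes(raw, "big"), e, n).to_bytes(K, "big")
    return recovered == encode(data)


MESSAGE = b"Subject: invoice\r\n\r\nPlease find the invoice attached.\r\n"
HEADER = f"a=rsa-sha1; q=dns; c=simple; s=mail2008; d=example.com; b={sign(MESSAGE)}"
```

Changing a single byte of `MESSAGE` after signing makes `verify` return `False`, which is the tamper detection the paragraph describes.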

There are three primary advantages of this system for e-mail recipients:

  • It allows the originating domain of an e-mail to be positively identified, allowing domain-based blacklists and whitelists to be more effective. This is also likely to make phishing attacks easier to detect.
  • It allows forged e-mail messages to be discarded on sight, either by end-user e-mail software (mail user agents), or by ISPs’ mail transfer agents.
  • It allows abusive domain owners to be tracked more easily.

There are some incentives for mail senders to authenticate outgoing e-mail:

  • It allows a great reduction in abuse desk work for DomainKeys-enabled domains if e-mail receivers use the DomainKeys system to automatically drop forged e-mail messages claiming to be from that domain.
  • The domain owner can then focus their abuse team energies on their own users who actually are abusing their use of that domain.

Sender Score Certified

Sender Score Certified isn’t for everyone - the standards are high and the requirements are strict - but senders who are accepted are immediately elevated to a higher status in the eyes of email receivers.

  • Members enjoy reduced filtering risk and increased delivery rates at more than 600 million email boxes.
  • The names that rely on Sender Score Certified read like a who’s who of the email receiving universe - top ISPs like Microsoft, Roadrunner and Cox; top filtering solutions like SpamAssassin, IronPort Systems, Barracuda Networks and Cloudmark; plus thousands of top universities and Fortune 500 companies.
  • Overall, Sender Score Certified helps determine deliverability for 40 percent of all email inboxes, including 67 percent of all consumer inboxes.
  • And if all these numbers haven’t melted your cerebral cortex yet, ponder this one: email receivers query Sender Score Certified more than five billion times per day.

Sender Score Certified is the absolute fastest path to more inboxes than any other deliverability solution. Becoming Sender Score Certified is one of those rare win-win situations. The standards are strict - members are required to maintain a very high-quality email program - but it’s no accident that maintaining a high-quality email program inevitably leads to a high-profit email program.