We have established the importance of email authentication and thoroughly examined one method of compliance, the RIA. This is one of the more advanced software options; however, smaller or “start-up” providers and companies would most likely adopt the more sophisticated RIA as they prospered. In the beginning, as long as the email is authenticated, the companies would be protected, along with their clients. The three most popular methods are Sender Policy Framework (SPF) created by Mr. Wong, Sender Identification Framework (Sender-ID, SIDF) from Microsoft, and Domain Keys Identified Mail (DKIM) created by Yahoo.
We touched on DKIM and its use of cryptographic signing. SPF uses the Internet Protocol (IP) address of the “email-sending neighbor,” the validating server, and the domain name in the email’s return address. The Sender-ID method has the same “mechanism” as SPF, except it “chooses from a different array of Domain Keys specifically the Purported Responsible Address (PRA),” validating the message. The PRA uses a “six-step analysis that inspects a number of locations.” The four major steps are: 1) Resent-Sender: header field; 2) Resent-From: header; 3) Sender: header field; and 4) From: header field.
This is popular because users can view the “From: field” and know exactly where the email is being generated. This should improve recognition of phishing and deceptive emails. Whichever method is used, authenticating emails and reducing spam and fraudulent activity is required to protect the company and their clients, and each of these software options qualifies. Email abuse can be “as high as 90 percent of Internet messaging traffic.” It is crucial to adopt successful email authentication practices to foster trust and security for all parties involved (maawg.org, n.d.).
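The header walk described above can be made concrete. The following Python sketch is an added example, not code from the paper or from any Sender-ID product; it follows the six PRA steps as published in RFC 4407, which this essay does not cite, and the sample message and function names are constructed for illustration. It shows that the address a Sender-ID check evaluates can differ from the From: address a user sees.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: a list resend whose original author differs.
SAMPLE = (
    "Received: from list.example.net by mx.example.org\n"
    "Resent-From: list-owner@list.example.net\n"
    "Sender: assistant@example.com\n"
    "From: Alice <alice@example.com>\n"
    "\nbody\n"
)

def _nonempty(headers, name):
    """Indexes of non-empty headers called `name`, in message order."""
    return [i for i, (k, v) in enumerate(headers) if k.lower() == name and v.strip()]

def select_pra(raw):
    """Return (header_name, mailbox), or None when the message is ill-formed."""
    headers = message_from_string(raw).items()
    rs = _nonempty(headers, "resent-sender")
    rf = _nonempty(headers, "resent-from")
    chosen = None
    if rs:
        # Step 1: Resent-Sender wins unless an earlier Resent-From is separated
        # from it by a Received or Return-Path header (a different resend hop).
        hop = rf and rf[0] < rs[0] and any(
            headers[i][0].lower() in ("received", "return-path")
            for i in range(rf[0] + 1, rs[0]))
        chosen = None if hop else rs[0]
    if chosen is None and rf:              # Step 2: first Resent-From
        chosen = rf[0]
    if chosen is None:
        senders = _nonempty(headers, "sender")
        froms = _nonempty(headers, "from")
        if len(senders) == 1:              # Step 3: exactly one Sender
            chosen = senders[0]
        elif not senders and len(froms) == 1:   # Step 4: exactly one From
            chosen = froms[0]
        else:                              # Step 6: ill-formed message
            return None
    # Step 5: the header must hold one mailbox that includes a domain name.
    name, value = headers[chosen]
    boxes = getaddresses([value])
    if len(boxes) != 1 or not boxes[0][1].partition("@")[2]:
        return None
    return name, boxes[0][1]
```

For the constructed sample the selected address is the Resent-From mailbox, not the displayed From: author, so a receiver should apply its policy check to the domain returned here.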
Email authentication, as we’ve discussed, is a vital component of the security and reliability of the message. This paper has reviewed the common methods used to accomplish this undertaking as well as the ‘Cadillac’ of authentication software, the Receiver Initiated Authentication (RIA). Now we will look at what can happen if emails are not authenticated. Simply put, the recipient receives more spam and possible phishing attacks, which are criminal attempts to acquire your personal data, such as user names, passwords, and credit card information.
This is possible through any electronic communication, but is most prevalent with emails. Emails can also wreak havoc on your computer, bringing in viruses, hoaxes, worms, Trojans, and spyware. Does a conglomerate like Yahoo or Microsoft, or the unsuspecting “regular” user, need these concerns? They are monetarily costly, and they also cost companies the clients who feel insecure. The answer is an unequivocal “no,” and to highlight the security issue even further, here is a brief summary of an Associated Press (AP) article concerning the White House.
In 2008, the staff received an internal White House memo saying that the White House was missing more than “225 days work of e-mails.” The staff said that “approximately 5 million emails were lost between 2003-2005.” It was reported that the work to recover these emails would not be completed until April 2009 or later. Rahm Emanuel, House Democratic Caucus Chairman, told the AP, “the White House that wants to keep track of all your emails and phone records can’t even keep track of their own.” A harsh but true statement. Another President will have to clean up this situation.
Due to this mix-up, the House passed the Electronic Communications Preservation Act in July 2008, which directs the government to create standards for the “capture, management, and preservation of electronic messages that are presidential records.” If this situation is not addressed and future problems stopped, government agencies can’t ensure that they are protecting the “rights of individuals and the federal government is being adequately identified and preserved.” April is here and it is a wait-and-see game as to the White House’s promise to recover the missing emails (Swartz, n.d.).
One authentication method that is extremely efficient is cryptography, but it has earned a reputation for not being user-friendly. A report compiled between April 2-7, 2005 in Portland, Oregon by Simson Garfinkel, Erik Nordlander, Robert Miller, and David Margrave from Massachusetts Institute of Technology, Cambridge, Massachusetts, and Jeffrey Schiller of Amazon.com in Seattle, Washington, presents suggestions on easier ways of using cryptography. The authors state that regular internet email doesn’t offer methods for “assuring integrity, privacy or establishing authorship.” They strongly assert that the best protection is through cryptography. Most email programs have this technology built into their message framework, but this report states that few messages are actually secured as they travel over the Internet. Based on a survey and the authors’ vast knowledge of Secure Multipurpose Internet Mail Extensions (S/MIME), digitally signing routine e-business communications is the most effective and simplified authentication method to utilize. Building into the software an integrated system with keys that are automatically distributed to new accounts added the cryptographic technology.
To send mail, the sender first creates a pair of keys and a “certificate certifying that pair.” The buttons would have “encrypt” and “sign” on them and be located on the toolbar, but this still creates barriers. There is nothing to prevent a user from putting any name on the keys after they’re created. Again, an opportunity for “deception and skull duggery.” S/MIME addressed this issue by requiring users to obtain a certificate from a prominent, reliable Certifying Authority (CA), showing the certificate matches the keys.
After another study and several user-friendly teaching seminars, the authors had 44.9% of their respondents willing to upgrade in order to “get more protection” for their emails. All of the authors agree that “increasing the amount of signed mail in circulation on the Internet cannot help but improve the overall security of Internet mail.” Undoubtedly this would boost the confidence users have in email communications and give “powerful new tools” to fight spam (Garfinkel, Margrave, Schiller, Nordlander, & Miller, 2005).
I mentioned earlier that an email is similar to sending a postcard through the ‘snail’ mail, in that anyone can read it. The information they would receive, along with the personal message, is your name, address, the person that sent the card to you, and where that person sent it from. How do you feel about a stranger knowing this information about you? Would it make you think about identity theft, and how vulnerable you really are? Well, take that feeling and multiply it by the possibility of millions of strangers across the World Wide Web viewing your postcard. Email authentication would avoid that situation.
References
Garfinkel, S., Margrave, D., Nordlander, E., Miller, R., & Schiller, J. (2005, April 2-7). Information Management Journal. Papers: Email and Security.
Idcontrol.net (n.d.). Email Encryption and Signing. Internet and Access Management. http://www.idcontrol.net
Kaplan, M. (n.d.). Receiver Initiated Authentication: A Practical Method to Authenticate Incoming Email. Spamfizzle. http://spamfizzle.com/default/aspx