Helping your organization avoid phishing: E-mail authentication

Book Chapter

In this excerpt of Chapter 6 from Phishing: Cutting the Identity Theft Line, authors Rachael Lininger and Russell Dean Vines explain how e-mail authentication helps protect companies from phishing attacks.

E-mail authentication systems may provide an effective means of stopping e-mail and IP spoofing. E-mail spoofing is probably one of the biggest current Web security challenges. Without authentication, verification and traceability, users can never know for certain whether a message is legitimate or forged. E-mail administrators continually have to make educated guesses on behalf of their users about what to deliver, what to block and what to quarantine.

The three main contenders for authentication are Sender Policy Framework (SPF), SenderID and DomainKeys. APWG estimates that adopting a two-step e-mail authentication standard (say, using both SPF and DomainKeys) could stop 85% of phishing attacks in their current form. Although all four systems rely on changes being made to DNS, they differ in the specific part of the e-mail that each tests:

You should start preparing for e-mail authentication. All e-mail will eventually have to comply with some type of sender verification method if you want it to get through. Successful deployment of e-mail authentication will probably be achieved in stages, incorporating multiple approaches and technologies. The following sections discuss these four approaches in greater detail.