FTC plans e-mail authentication standards

The Federal Trade Commission this fall will host an anti-phishing expedition, a summit at which industry experts will offer advice on developing requirements for an e-mail authentication standard.

Identifying the origin of e-mail messages is essential to enforcing laws against deceptive spam and online fraud, said Sana Coleman, counsel for the FTC's Bureau of Consumer Protection. The commission will announce the date and other details of the summit in several weeks.

'FTC will not endorse any particular technology,' Coleman said last week during a Capitol Hill panel discussion on phishing'an automated form of social engineering that uses phony e-mails appearing to come from legitimate businesses to trick consumers into revealing personal and financial information. 'Perhaps it will be multiple standards.'

FTC is not a standards-setting body, but because online consumer fraud falls under the jurisdiction of the FTC Act, the commission is eager to put an authentication scheme in place.

Some phishing e-mail contains official-looking forms to be filled out. Some of it links to official-looking Web sites where the information is submitted.

According to a study by the Anti-Phishing Working Group, 1,125 new phishing schemes were identified in April, a 180 percent increase over the previous month. According to a study by Gartner Inc. of Stamford, Conn., an estimated 1.8 million people have been fooled into revealing information to fraudulent sites.

Congress is considering a number of anti-phishing bills, and Jesse Wadhams, technology policy counsel to the Senate Republican High Tech Task Force, said the issue definitely has Congress' attention.

'I think you will see this become a bigger issue in the coming months, certainly in the next Congress,' Wadhams said.

But effective enforcement requires authentication technology.

A number of standards are in the works for authenticating the origins of e-mail. Microsoft Corp. recently announced it would combine its proposed Caller ID for E-mail protocol with the Sender Policy Framework into a single technical specification.

Yahoo.com is working on Domain Keys, a public-key infrastructure scheme, and the Internet Engineering Task Force has established a working group that expects to propose an authentication standard this year.

About the Author

William Jackson is a Maryland-based freelance writer.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected