E-mail authentication summit planned

The Commerce Department wants to spur development and adoption of e-mail authentication technology that could help reduce the amount of spam.

The Federal Trade Commission and the National Institute of Standards and Technology will hold a two-day summit in November to discus technological challenges of existing schemes and new approaches to the problem of accurately identifying the sender of e-mail.

The agencies have issued a call for participation in the summit, to be held Nov. 9 and 10 at the FTC's satellite building at 601 New Jersey Ave. NW in Washington. Written comments also are being accepted through Sept. 30.

The summit is an outgrowth of the CAN-SPAM Act, which required the FTC to study the feasibility of a no-spam list, similar to the successful do-not-call list for telemarketers. In its June 15 report to Congress, 'the Commission explained that significant security, enforcement, practical and technical challenges rendered a registry an ineffective solution,' the FTC said.

But domain-level authentication of e-mail was seen as a possible tool in fighting spammers, who often hide behind spoofed sender addresses on their messages. It could help in the filtering of spam and also could help in identifying violators of the CAN-SPAM Act.

Like much of the Internet, the Simple Mail Transfer Protocol was not developed with security in mind and allows a high degree of anonymity.

'By failing to require accurate sender identification, SMTP allows spammers to send e-mail without accountability,' FTC said.

Several technologies have been proposed to authenticate the sender's address on e-mail. Sender ID lets a receiving e-mail server check the sender's IP address against a list of valid addresses for the originating domain. DomainKeys is a public-key infrastructure scheme the lets the receiving server use a public key to verify a digitally signed sender's address.

Several studies of large volumes of spam have shown that some spammers already are adopting Sender ID to have their mail accepted by servers using that technology.

Written comments and requests to participate in the summit should be sent to Secretary, FTC, Room 159-H (Annex V), 600 Pennsylvania Ave. NW, Washington, DC 20580, or e-mailed to authenticationsummit@ftc.com by Sept. 30. Any comments containing confidential information must be sent in paper form. Because security precautions have slowed Postal Service delivery of mail in the Washington area, FTC suggests written requests be sent by courier or other delivery service.

For more information, contact Sana D. Coleman at 202-326-2249.

About the Author

William Jackson is a Maryland-based freelance writer.

inside gcn

  • Congressman sees broader role for DHS in state and local cyber efforts

    Automating the ATO

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group