For the purposes of this post, "honest email" refers to non-spam messages, whereas spam messages are the unquestionably bad stuff sent by the bad guys. Sieving the honest email from the spam is a Herculean, never-ending task.
- Message Body: Contains spammy content, e.g., pornography, malware and call-to-action scams
- Message Sender: Identity is fraudulent, i.e., cannot be authenticated. Further, the sender has earned a discredited reputation for repeatedly sending spam.
Spamware has become so sophisticated that relying solely on the cocktail approach to fight spammy content is not good enough. Welcome to the world of email Sender Authentication and Sender Reputation. Over the last four years, the majority of research, development and politics have focused on the Sender Authentication wars. DomainKeys Identified Mail (DKIM) and Sender ID Framework (SIDF) emerged as the victors, and both are now widely adopted. Sender Reputation initiatives, however, are in an embryonic state. With guns blazing, each vendor claims to have the "best" reputation solution. Taming this "Wild Wild West" frontier are:
- A cottage industry of email reputation providers (e.g., Goodmail, Habeas and Reputation Technologies)
- Reputation services from pure-play security vendors (e.g., Cloudmark Rating and Secure Computing's TrustedSource)
- Reputation services from e-marketing vendors (e.g., ReturnPath)
- Reputation services from pure-play OEM providers (e.g., Mailshell)
- Email server software and appliance vendors, ISPs, MSPs, and e-marketing product and service providers, all of which are building their own reputation technology or partnering with one or more of the types of vendors listed above
- United Nations-type trade organizations that work with all of the above in framing Internet protocols (e.g., the Email Sender and Provider Coalition [ESPC] and Messaging Anti-Abuse Working Group [MAAWG])
The volume and complexity of spam email messaging will continue to grow unabated. The average recipient recognizes spam as a continuing problem, though one whose impact appears to have subsided because fewer spam messages are reaching the inbox (assuming that good-enough spam filtering, including some version of sender authentication and reputation, is protecting the recipient's email account).
The senders of permission-based, honest email (your hospital, educators, retailers, banks, government, civic organization -- even your employer) must take precautions to increase the likelihood that their email messages will reach their recipients -- that is, reach you.
Mahatma Gandhi said that “Honest differences are often a healthy sign of progress.” The fight against spammy email does progress, and an increasing amount of honest email does prevail.
My advice is to avoid spam and malware ills by practicing safe messaging.
- Is the sender who he says he is?
- If so, is your messaging partner trustworthy?