Technologies of authentication (system of the code of the sender (SIDF) and identification of mail key of the domain (DKIM)

SIDF technology

SIDF is constructed on the basis of the IP protocol and integrates Microsoft Caller ID for E-mail technologies (the identifier of the sender of mail from Microsoft) and SPF (a framework of policy of the sender).

The SIDF mechanism tries to define that the message was sent by the sender specified in letter heading. And the sending server should be in the list of servers, it is authorized to them to send mail. SIDF requires entering of special text records (SPF records) into the file of the zones DNS. Records are made by provider or the owner of the domain. Each such record should include the list of all authorized servers of outgoing mail (with indication of the domain and the corresponding IP addresses). The accepting server checks existence of the record SPF for the entrance domain. Check is executed automatically, still before the letter was included in the folder Entering. If the address of the outgoing server is found, then the letter underwent testing, otherwise it is carried to spam or a phishing.

On assurance of Microsoft, the SIDF technology orthogonally also does not require change or software updating of the server and the client (No outbound server, client changes and no user interaction). However, as practice showed, using SIDF not everything is so smooth, predictably. Clients who need to implement authentication should update the system of incoming messages and MTA and to unroll means of support of SIDF. SIDF can keep service of system administrators in constant voltage, and housekeeping overheads can be very big. Legitimate messages which did not undergo testing for authenticity can become a headache for clients. Besides, to SIDF technology there are some license claims and also it has problems with readdressing and is inconvenient for the infrastructures including different types of SMTP servers.

DKIM technology

DKIM integrates the Yahoo! DomainKeys specifications (domain keys of Yahoo!) and IIM (identification of Internet mail) from Cisco corporation.

DKIM is a technology of authentication through the encoded signature by which all outgoing messages are followed. DKIM provides also integrity of mail delivery. The signature of DKIM precedes all headings of the letter and includes data from visible fields: From, To, Sender, Subject and Date. The legitimacy of the digital signature is checked automatically. At the same time the host party can prohibit acceptance of unsigned messages in general. For adding of the signature in outgoing mail the private key of the domain is used. The public key of the domain is added to the records DNS. For authentication of a source the client takes a name of the domain from the signature and requests public key from DNS. Using a read key the DKIM signature forms and it is compared to received. If signatures match, then the analysis of content is carried out and the message is sent to the recipient, otherwise, it belongs to spam or a phishing.

Unlike SIDF, DKIM is based on a domain name, stabler, than the IP address. The DKIM setup is more difficult, than the SIDF setup. At the same time, DKIM has no problems with readdressing which are suffered by SIDF. But, unlike SIDF, implementation of DKIM requires modification of software of the server and the client. The last is considered by many as a considerable shortcoming. Besides, DKIM requires the frequent appeal to DNS and increases a system overhead projector at message handling.

The SI technology is SenderInspector plug-in

SI is the plug-in for Windows Server 2008/2003 allowing to suppress outgoing spam. SI is not an authentication mechanism, its purpose to eliminate defect of SMTP, namely, absence source addresses are sewn up.

SI technology essence in the following. In IIS outgoing messages are sent through libraries: CDO, ColdFusion, .Net.Mail and so forth SI is a superstructure over them and SMTP which eliminates a possibility of mailing of letters from the false sender. SI intercepts HTTP requests and traces the real address of sending. IIS can use anonymous authentication. SI allows to find the spammer even if it sends letters anonymously. SI expands possibilities of IIS and offers two a tool antispam: return address and mail magazine. The return address - the hidden heading in outgoing letters which supports FQDN of the website of the real sender. The return address is transparent for filters of the client and the server. SI adds it to letters to a raid. The mail magazine - the text database in the XML format. The DB nodes are arranged by the number of letters with indication of the return address. Spammers send a large number of letters and can be easily found at magazine top. The service ABUSE manages the mail magazine. At the same time the final receiver can easily take the return address from the letter and send its ABUSE.

SI is the facilitated solution which is almost not inferior to brands. SI does not provide authentication, and solves the main task and disarms the spammer, showing all the true sender. At the same time SI have no shortcomings mentioned above. It initially has no problem of the readdressing inherent in SIDF and allowing spammers to continue to distribute undesirable messages. SI does not require modification of software of the server and the client and actually does not need service. SI is established only on the server, and practically for one click. The return address of SI is transparent for software of the client and the server. Moreover, it is possible even to refuse authorization when mailing letters. However SI increases the general overhead projector (it is necessary to add heading to the letter). SI is the tested tool used by a large hosting. Shortcomings of SI: low-popularity and orientation only to IIS.

Page of the author of SI here.

Elena Romanova. 22.12.2012

P.S

Pay attention that the technologies described above in itself do not solve a problem of spam or a phishing. They allow you to avoid only replacement, modification or counterfeit of a source address.