section image
News
What Goodmail is proposing is a sort of FedEx for email. The sender gets guaranteed delivery and the promise that it will stand out in the users mailbox. 
Ester Dyson | Journalist 
NEWS

Click to learn more.

Senders – Register for CertifiedEmail Updates

MESSAGING ANTI-ABUSE WORKING GROUP PUBLISHES EVALUATION OF SPF AND SENDER ID E-MAIL AUTHENTICATION SOLUTIONS

MAAWG Technical Committee Publishes First Findings

Wilmington, Del.,- July 11, 2005 --The Messaging Anti-Abuse Working Group (MAAWG), a group of communications and technology companies committed to solving spam, viruses and other forms of messaging abuse, today unveiled the results of more than six months of evaluation of Sender Policy Framework (SPF) and Sender ID e-mail authentication solutions. The results, published by MAAWG's Technical Committee, compare original SPF, current Sender ID and current "Classic SPF" e-mail specifications and provide technical advice - including the risks -- for senders, forwarders and recipients who implement each specification.

“To stop spam, phishing and other forms of messaging abuse, we must first rid the Internet of sender forgery and the use of zombie networks and prevent criminals from hiding behind veils of anonymity,” said Tripp Cox, co-chair of the MAAWG Technical Committee and chief technology officer for EarthLink. “Sender authentication proposals seek to create an environment of validity in e-mail. By evaluating individual authentication solutions objectively and analyzing their strengths and limitations, we can continue to improve their effectiveness.”

He noted that members of MAAWG’s Technical Committee began formally evaluating SPF and Sender ID in October 2004. The collective results, entitled, “Considerations for Implementers of SPF and/or Sender ID,” can be found on MAAWG’s Website at www.maawg.org/about/whitepapers/spf_sendID.

“We believe more evaluation is needed on all authentication protocols, and we are committed to continuing these efforts to end messaging abuse and secure the deliverability of legitimate e-mail,” Cox said.

The MAAWG Technical Committee plans to evaluate DomainKeys Identified Mail (DKIM) and Client SMTP Validation (CSV) authentication protocols later this year.

While MAAWG neither endorses nor discourages the use of SPF or Sender ID, the technical committee’s findings highlight real-world risks to the delivery of legitimate e-mail when the specifications are implemented. The Internet Engineering Steering Group (IESG) classifies each proposal as an “experimental RFC” (Request For Comment), which is not part of the organization’s standards track.

Key considerations published by the MAAWG Technical Committee include:

  • Forwarded or Re-sent mail will fail authentication without further changes to these services, such as re-writing return addresses and adding new headers.
  • Publishers must ensure that their records permit mail from all possible points of origination.
  • Receivers must be aware that authentication does not provide protection against forgery of the most common user-visible mail headers.
  • Receivers must be aware that performing some checks in accordance with Sender ID and SPF Classic may yield inaccurate authentication results due to misinterpretation of the Sender's authorization.
  • Operators providing mail submission services to roaming users (usually, ISPs) may need to forge or add certain headers in order to ensure successful authentication.

MAAWG is the first and only global organization of network operators and messaging service providers working together under voluntary, formal agreements to end messaging abuse. The MAAWG technical committee was chartered to evaluate standards, determine their suitability to address member concerns, provide guidance to members regarding implementation and provide feedback to standards groups on real-world implications.

MAAWG's next general meeting will be held in Montreal, Canada from Nov. 8 to Nov. 10, 2005. For more information on the meeting please go to www.maawg.org

  • Sponsors (Board of Directors)
          America Online
          Bell Canada (Toronto: BC_pa.TO)
          BellSouth (NYSE: BLS)
          Charter Communications (NASDAQ: CHTR)
          Cingular Wireless (NYSE: SBC)
          Cloudmark
          Cox Communications (NYSE: COX)
          Comcast (NASDAQ: CMCSA)
          EarthLink (NASDAQ: ELNK)
          France Telecom (Paris: FTE.PA)
          Goodmail Systems
          Openwave Systems (NASDAQ: OPWV)
          Swisscom Fixnet AG
          Verizon (NYSE: VZ)
          Yahoo!
  • Full Members
          Cablevision
          Cisco Systems
          Internet Initiative Japan (IIJ, NASDAQ: IIJI)
          IronPort
          MX Logic
          Sprint (NYSE: FON)
          Symantec
           Verisign
  • Supporters
         Bigfoot Interactive
         Bizanga LTD
         Checkfree Corporation
         Cincinnati Bell
          DoubleClick, Inc.
          Fortinet Inc.
          Habeas Inc.
          Kelkea, Inc.
          Messagelabs
          NetVision LLC
          Nextel Communications
          Pivotal Veracity
          Omniti Computer Consulting, Inc.
          Return Path, Inc.
          Sendmail
          Singlefin
          Skylist, Inc.
          StrongMail Systems, Inc.
          TDC
          TDS Telecom, TDS Metrocom (AMEX: TDS)
          Word To The Wise
           Yesmail

 

MAAWG Contact

Messaging Anti-Abuse Working Group
572B Ruger Street
P.O. Box 29920
San Francisco, California
94129-0920
Telephone: 1-415-561-6277
Executive Director,
Jerry Upton
jerry.upton@maawg.org

 

About Goodmail Systems

Goodmail Systems makes CertifiedEmail™, the industry standard class of trusted email. CertifiedEmail provides a safe and reliable means for consumers to easily identify authentic messages from legitimate commercial and nonprofit senders. Each CertifiedEmail is sent with a cryptographically secure token that assures authenticity, and is marked in the inbox with a unique blue ribbon envelope icon, enabling consumers to visually distinguish messages which are real and sent from senders with whom they have a pre-existing relationship. Available to senders meeting strict standards for best email practices and low complaint rates, it is the only class of email available that assures delivery of all opt-in email messages to the inbox, with links and images automatically rendered intact, yielding measureable improvements in email program effectiveness. CertifiedEmail has been adopted by seven of the nation’s top ten mailbox providers and 150 government agencies. It is supported in North America and the United Kingdom by a wide network of email platforms and service providers. For more information, please visit www.goodmailsystems.com.


Media Contacts

SHIFT Communications
Nicole Messier, Director
Telephone: 415-591-8448 | Email: goodmailPR@shiftcomm.com