• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Authentication & Reputation, Adding Business Value In The Real World
 

Authentication & Reputation, Adding Business Value In The Real World

on

  • 3,274 views

...


Track: SECURITY, PRIVACY, COMPLIANCE | 1:30 PM - 2:30 PM

S3: Authentication and Reputation: Adding Business Value in the Real World

It's not a secret that the adoption of authentication and reputation standards is hitting critical mass in organizations around the globe. Almost 40 percent of all email is authenticated with Sender ID and/or DKIM, but what does that mean to an organization? Is authenticated email helping businesses improve efficiencies and protect their inboxes?

Attendees will learn the direct impact authentication and reputation can have on business goals and bottom lines. From brand protection to deliverability to curtailing spam, learn how adopting and taking action based on authentication and reputation can dramatically affect businesses on many levels.

MODERATOR: Patrick Peterson, VP Technology, IronPort

PANELIST: Barry Abel, VP of Field Operations, Message Systems

PANELIST: Bill McInnis, Director, Message Level

PANELIST: Alberto Mujica, President and CEO, Reputation Technologies Inc.

Statistics

Views

Total Views
3,274
Views on SlideShare
3,272
Embed Views
2

Actions

Likes
1
Downloads
97
Comments
0

1 Embed 2

http://www.slideshare.net 2

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Authentication & Reputation, Adding Business Value In The Real World Authentication & Reputation, Adding Business Value In The Real World Presentation Transcript

  • Authentication & Reputation – Adding Business Value in The Real World
  • Agenda
    • Introductions & Agenda Review
    • The Big Picture
    • IP-based Blocklists and Reputation
    • Domain-based Authentication & Reputation
    • The Future
    • Q&A
  • Introductions
    • Patrick Peterson, Vice President Technology, IronPort Systems
    • Alberto Mujica, President and CEO, Reputation Technologies, Inc
    • Barry Abel, VP of Field Operations, Message Systems
    • Bill McInnis, Director, Message Level
  • The Big Picture REPUTATION CERTIFICATION 1 4 Who do you claim to be? Validate Identity Risk of badness/probability of goodness based on historical factors Third-party affirmation Make decision, take action IDENTITY ACTION 2 AUTHENTICATION 3
  • Identity
    • Patrick Richard Peterson
      • Allow onto airplane?
      • Allow into USA?
      • Owner of house on Whitney Street, San Francisco, CA?
    • IronPort Systems
      • Credit worthy?
    • www.cisco.com
      • Authorized resellers?
  • Authentication (of Identity)
    • Handshake
    • Photograph
    • Chip
    • Fingerprint
    • Signature, Notary
    • Retina scan
  • Consumer Credit Reputation
    • Three Credit Bureaus sell credit reports
    • Fair Isaac provides underlying technology
      • “ Fair Isaac Corporation (NYSE: FIC) is the leading provider of decision management solutions powered by advanced analytics. … Today, the company’s solutions, software and consulting services power more than 180 billion smarter business decisions each year for companies worldwide.”
  • Business Credit Reputation
    • D&B ( NYSE:DNB ) is the world’s leading source of commercial information and insight on businesses, enabling companies to Decide with Confidence® for over 165 years.
  • Certification
    • Third-party that certifies (accredits) that an entity complies with certain standards or practices
  • Facts about IP Based Authentication
    • Not really authentication, better referred to as identification
    • Difficult or impossible to spoof
    • IP based identification runs into limitations when
      • Senders are on shared email servers (Like giving a license to a car and not a person)
      • Behind proxies
      • Senders would like to send different kinds of messages from the same IP
    • RBLs provide Good/Bad responses, not a range of responses
  • Current Situation with IP Based Authentication
    • DKIM and/or SPF authentication are prerequisites for domain based authentication and therefore reputation
    • Once either SPF and/or DKIM are widely adopted reputation can be based on domain names
    • Email reputation providers like ReturnPath, Habeas and Reputation Technologies require static IP addresses
    • Because SPF and DKIM are not yet over the tipping point email reputation providers like ReturnPath, Habeas and Reputation Technologies have to use IP identification instead of domain authentication
  • Barry Abel, Message Systems VP Field Operations
  • Authenticating Domains
    • SenderID and DKIM
    • Both work to verify that every e-mail message originates from the Internet domain from which it claims to have been sent.
  • SenderID
  • DKIM
  • Current Status of DKIM & Sender ID
    • DKIM
    • The Internet Engineering Task Force (IETF) made DKIM a standard in May 2007
    • Already in wide use
    • Sender ID*
    • Every day, 20 million forged messages are detected by Sender ID-enabled domains.
    • Reputable marketers that have adopted Sender ID have realized improved deliverability, with up to 85 percent fewer messages mistakenly marked as spam in Windows Live Hotmail.
    • With spam increasing 40 percent in the past 12 months, spam in Hotmail users’ inboxes has actually been reduced by 50 percent; Sender ID contributed 8 percent of that reduction.
    • *Microsoft news release dated 5/18/07
  • Why Use Domain Authentication
    • ISP are using various technologies to protect their customers and themselves.
    • Like going into battle ISP need multiple layers of protection
      • Authentication/Reputation
      • Anti-spam
      • Anti-virus
      • Policy Enforcement
    • To gain access through these lines of defense you need to have the same technologies.
    • Bill McInnis
    • Director, Message Level
  • DO SOMETHING!!!
    • Strongly worded suggestions being offered by Associations for members to implement SPF and DKIM
      • DMA, BITS, ESPC
        • Example: BITS is recommending TLS, SPF, SIDF and DKIM within 18 months
    • Associations can talk 10x faster than their constituents can move
    • Many ISPs are committed to using authentication to evaluate email
      • Hotmail
      • Yahoo/Gmail
  • SPF and DKIM pros
    • SPF
    • Allows companies to identify mail servers where mail is authorized to come from
    • Relatively easy for senders to support
    • Many ISPs utilize SPF as a factor in email delivery
    • DKIM
    • More heavyweight solution
    • Allows a company to cryptographically sign an email
    • Allows ISP’s to identify signatures and associated messages that compute correctly and handle those messages different
  • SPF and DKIM Cons
    • SPF
    • Breaks some current use cases of email – Forwarding, etc
    • Senders don’t know what receivers are doing, if anything
    • Doesn’t not protect anything the end users sees – 2821 address (xyz.com) 2822 address (chase.com) – Does this make SPF worth much of anything?
    • DKIM
    • Doesn’t break forwarding - No reliable replay protection –
    • Potential for signature breakage
    • Cannot reliable detect bad messages
    • No data for senders
    • Many traditional problems associated with PKI key propagation and changes
  • Authentication Alone Creates a False Sense of Security Delivered-To: [email_address] Received: by 10.67.65.8 with SMTP id s8cs550968ugk; Tue, 8 May 2007 10:05:35 -0700 (PDT) Received: by 10.90.105.19 with SMTP id d19mr6545698agc.1178643934853; Tue, 08 May 2007 10:05:34 -0700 (PDT) Return-Path: [email_address] Received: from mail03.bankofamerica.cl (mail03.bankofamerica.cl [200.75.25.175]) by mx.google.com with ESMTP id 14si2200432wrl.2007.05.08.10.05.33; Tue, 08 May 2007 10:05:34 -0700 (PDT) Received-SPF: pass (google.com: domain of administrator@bankofamerica.cl designates 200.75.25.175 as permitted sender) From: "Bank of America" [email_address] To: [email_address] Subject: Reactivate your Account