ID is key in phishing battle

Don’t lower your guard – criminals will always find new ways to perpetrate fraud

How do we defend against growing fraud on the internet? Many organizations post phishing and education alerts on their websites, but more robust approaches are necessary to mitigate the risk.

Sender authentication tools are available that screen email users' incoming email against authorized sender lists (whitelists), making sure that the sender is who they claim to be.

Some of these tools also provide disposable email addresses that may have whitelists associated with each address. This lets the user stop spam if the disposable email address is compromised.

There have been two main competing forces lobbying for an industry standard for reducing spam and better domain authentication. They are Microsoft's Sender ID Framework and SPF, and Yahoo! and Cisco's DomainKeys Identified Mail (DKIM).

The Sender ID Framework validates the domain: the receiver queries the outbound email server of the chosen domain and performs a domain spoofing test. It does not determine whether the domain is "good" or "bad," so a spammer who properly registers with DNS will be considered a valid domain.
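The following is an added example, not part of the original article: a minimal sketch of the domain spoofing test, assuming SPF-style TXT records restricted to the `ip4`, `ip6` and `all` mechanisms. The domains, addresses and the `check_sender` helper are constructed for illustration, and the last call shows that a correctly published bulk-mailer domain passes just like a legitimate one.

```python
import ipaddress

# Constructed sample DNS TXT data (documentation domains and address ranges).
DNS_TXT = {
    "bank.example": "v=spf1 ip4:192.0.2.0/24 -all",
    # A spammer-owned domain that is registered and published correctly.
    "bulk-mailer.example": "v=spf1 ip4:203.0.113.0/24 -all",
}

# Result for each qualifier on the catch-all "all" mechanism.
ALL_RESULTS = {"-all": "fail", "~all": "softfail", "?all": "neutral",
               "+all": "pass", "all": "pass"}


def check_sender(domain, connecting_ip, dns=DNS_TXT):
    """Evaluate the claimed sender domain against the connecting server's IP.

    Returns 'pass', 'fail', 'softfail', 'neutral' or 'none'. The result says
    only whether the domain authorized this server, not whether the domain
    itself is trustworthy.
    """
    record = dns.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # domain publishes no policy
    ip = ipaddress.ip_address(connecting_ip)
    for term in record.split()[1:]:
        mechanism, _, value = term.partition(":")
        if mechanism in ("ip4", "ip6"):
            network = ipaddress.ip_network(value, strict=False)
            if ip.version == network.version and ip in network:
                return "pass"
        elif term in ALL_RESULTS:
            return ALL_RESULTS[term]
    return "neutral"  # no mechanism matched and no catch-all present


if __name__ == "__main__":
    print(check_sender("bank.example", "192.0.2.25"))          # authorized server
    print(check_sender("bank.example", "198.51.100.7"))        # spoofed domain
    print(check_sender("bulk-mailer.example", "203.0.113.9"))  # spammer's own domain
```

A receiver therefore still needs reputation or content checks on top of a passing result.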

DKIM uses cryptography-based authentication, adding a public key to the DNS record. It validates the message, not just the path, and is extensible from a domain approach to a per-user signing approach.

Implementation of either approach requires thoughtful planning and changes to the DNS record. SPF standards are available now and DKIM will be available in 2006.

But don't lower your guard too early. The one thing you can be sure of is that the cybercriminals will continue to find new ways to perpetrate fraud.

Copyright © SC Magazine, US edition