News & Events - MAAWG Release
MESSAGING ANTI-ABUSE WORKING GROUP PUBLISHES EVALUATION OF SPF AND SENDER ID E-MAIL AUTHENTICATION SOLUTIONS
MAAWG Technical Committee Publishes First Findings
Wilmington, Del.,- July 11, 2005 - The Messaging Anti-Abuse Working Group (MAAWG), a group of communications and technology companies committed to solving spam, viruses and other forms of messaging abuse, today unveiled the results of more than six months of evaluation of Sender Policy Framework (SPF) and Sender ID e-mail authentication solutions. The results, published by MAAWG's Technical Committee, compare original SPF, current Sender ID and current "Classic SPF" e-mail specifications and provide technical advice - including the risks -- for senders, forwarders and recipients who implement each specification.
“To stop spam, phishing and other forms of messaging abuse, we must first rid the Internet of sender forgery and the use of zombie networks and prevent criminals from hiding behind veils of anonymity,” said Tripp Cox, co-chair of the MAAWG Technical Committee and chief technology officer for EarthLink. “Sender authentication proposals seek to create an environment of validity in e-mail. By evaluating individual authentication solutions objectively and analyzing their strengths and limitations, we can continue to improve their effectiveness.”
He noted that members of MAAWG’s Technical Committee began formally evaluating SPF and Sender ID in October 2004. The collective results, entitled, “Considerations for Implementers of SPF and/or Sender ID,” can be found on MAAWG’s Website at www.maawg.org/about/whitepapers/spf_sendID.
“We believe more evaluation is needed on all authentication protocols, and we are committed to continuing these efforts to end messaging abuse and secure the deliverability of legitimate e-mail,” Cox said.
The MAAWG Technical Committee plans to evaluate DomainKeys Identified Mail (DKIM) and Client SMTP Validation (CSV) authentication protocols later this year.
While MAAWG neither endorses nor discourages the use of SPF or Sender ID, the technical committee’s findings highlight real-world risks to the delivery of legitimate e-mail when the specifications are implemented. The Internet Engineering Steering Group (IESG) classifies each proposal as an “experimental RFC” (Request For Comment), which is not part of the organization’s standards track.
Key considerations published by the MAAWG Technical Committee include:
- Forwarded or Re-sent mail will fail authentication without further changes to these services, such as re-writing return addresses and adding new headers.
- Publishers must ensure that their records permit mail from all possible points of origination.
- Receivers must be aware that authentication does not provide protection against forgery of the most common user-visible mail headers.
- Receivers must be aware that performing some checks in accordance with Sender ID and SPF Classic may yield inaccurate authentication results due to misinterpretation of the Sender's authorization.
- Operators providing mail submission services to roaming users (usually, ISPs) may need to forge or add certain headers in order to ensure successful authentication.
MAAWG is the first and only global organization of network operators and messaging service providers working together under voluntary, formal agreements to end messaging abuse. The MAAWG technical committee was chartered to evaluate standards, determine their suitability to address member concerns, provide guidance to members regarding implementation and provide feedback to standards groups on real-world implications.
MAAWG's next general meeting will be held in Montreal, Canada from Nov. 8 to Nov. 10, 2005. For more information on the meeting please go to www.maawg.org
- Sponsors (Board of Directors)
- America Online
- Bell Canada (Toronto: BC_pa.TO)
- BellSouth (NYSE: BLS)
- Charter Communications (NASDAQ: CHTR)
- Cingular Wireless (NYSE: SBC)
- Cloudmark
- Cox Communications (NYSE: COX)
- Comcast (NASDAQ: CMCSA)
- EarthLink (NASDAQ: ELNK)
- France Telecom (Paris: FTE.PA)
- Goodmail Systems
- Openwave Systems (NASDAQ: OPWV)
- Swisscom Fixnet AG
- Verizon (NYSE: VZ)
- Yahoo!
- Full Members
- Cablevision
- Cisco Systems
- Internet Initiative Japan (IIJ, NASDAQ: IIJI)
- IronPort
- MX Logic
- Sprint (NYSE: FON)
- Symantec
- Verisign
- Supporters
- Bigfoot Interactive
- Bizanga LTD
- Checkfree Corporation
- Cincinnati Bell
- DoubleClick, Inc.
- Fortinet Inc.
- Habeas Inc.
- Kelkea, Inc.
- Messagelabs
- NetVision LLC
- Nextel Communications
- Pivotal Veracity
- Omniti Computer Consulting, Inc.
- Return Path, Inc.
- Sendmail
- Singlefin
- Skylist, Inc.
- StrongMail Systems, Inc.
- TDC
- TDS Telecom, TDS Metrocom (AMEX: TDS)
- Word To The Wise
- Yesmail
| For further information, contact: | ||
| Messaging
Anti-Abuse Working Group 572B Ruger Street P.O. Box 29920 San Francisco, California 94129-0920 Telephone: 1-415-561-6277 Executive Director, Jerry Upton jerry.upton@maawg.org |
Contact: Carla
Shaw Nicole Arena |
|