What is sender authentication?Other than a sender's IP address, no information in an email can be verified. It is quite easy to make an exact copy of an email from citibank.com, including a sequence of headers and a genuine logo in the body of an email, then change the content to send recipients to a website that appears to be genuine, but is actually a "Phishing" scam designed to capture names, passwords, and credit card numbers.
- the actual domain from which an abusive message originated can be identified and contacted for further investigation and disciplinary action;
- once a domain has been positively identified, authentication can serve as the basis for building reputation. Combining a reputation system with sender authentication is essential.
Sender authentication protocols exist in two varieties: path-based protocols and cryptographic protocols. SPF and SenderID are examples of path-based protocols, and DomainKeys is an example of a cryptographic protocol.
| 
