Anti-Spam Firms Tie Sender ID to Reputation

What follows email authentication? Many believe once email recipients are certain who sent a message, they’ll still need to determine whether that sender is a good guy or a bad guy. That’s the idea behind separate announcements due out Thursday from spam-fighting firms IronPort Systems and Cloudmark.

Each firms says it will tie Sender ID-authenticated domains to information in their respective reputation databases. This would allow email recipients to judge what treatment an email message should receive after it’s been authenticated.

“Sender ID’s success is contingent on broad industry participation and we need strong tools in place within the industry to help build this kind of authentication into the technology infrastructure,” said Ryan Hamlin, general manager of Microsoft’s safety technology and strategy team, in a statement.

The announcements come as members of the E-Mail Service Providers Coalition (ESPC) meet at Microsoft headquarters to discuss the Microsoft-supported email authentication standard. Both Cloudmark and IronPort are taking part in the discussions at the “Sender ID Summit.”

Sender ID is a system meant to allow email recipients to verify that messages actually come from the domain they purport to be from. Senders publish information in their DNS records identifying the IP addresses they use to send mail. When a message comes in purporting to be from a certain domain, the receiving system checks the DNS to make sure everything matches up.

While authentication is thought to be the first step in battling phishing, spoofing and spam, the reputation element is widely considered to be step two.

IronPort is tackling the reputation problem by building it into its “Reputation Filters,” part of the company’s C-series email security appliances. Nearly 20 percent of the world’s email goes through IronPort’s email appliances, the company says. IronPort’s technology rates incoming messages on a scale between -10 and +10, examining a wide variety of factors to make that determination. Senders who publish Sender ID records can see their reputation scores go up as much as three points, according to Craig Sprosts, senior product manager at IronPort.

“We look at a whole host of different factors to determine that reputation,” said Tom Gillis, senior VP of marketing at IronPort. “They all get folded into a sophisticated algorithm that says ‘friend or foe.'”

Sender ID information will also be added to SenderBase, the company’s publicly available site that monitors global email traffic patterns. It will also be added to the list of best practices for the company’s whitelist, the Bonded Sender program, though it won’t be a requirement.

Cloudmark is making its reputation calculations on Sender ID-authenticated domains publicly available. The company uses its peer-to-peer network of more than a million users as a sort of early-warning system against spam. When users receive a spam email, they flag it as such, allowing Cloudmark to immediately begin blocking the offending email from other users’ inboxes.

Cloudmark will now take that real-time data and tie it to domain names, in a system it calls Cloudmark Rating for Sender ID. After an email’s sender is authenticated, Cloudmark will allow free queries to its system, which will return three possible results: good bad, or not enough information. A positive reply indicates the sender domain has a good reputation, while a negative reply would say a sender domain has a bad reputation. The last ambiguous reply would be returned if Cloudmark didn’t have enough information to make a determination. The company is making available instructions on how to query its reputation database at

Related reading