Thursday, 11 November 2004 11:05 EST

Fortune 1000 Continues to Deploy E-Mail Authentication Standard as Defense against Spoofing Techniques Used in Phishing Attacks

ATLANTA, November 10, 2004 – CipherTrust, the leader in messaging security, today released data on the adoption of the Sender ID Framework and the implementation of the Sender Policy Framework (SPF) text record. The analysis is based on more than 10 million real-world e-mail messages sent during the month of October to companies worldwide that use IronMail, CipherTrust’s award-winning messaging security appliance. The new study shows that corporations are steadily adopting Sender ID, with 23 additional Fortune 1000 companies publishing SPF records since CipherTrust last reported on the deployment of the e-mail authentication standard in August, representing an increase of nearly 75 percent in three months.

This progress is critical as e-mail authentication provides an effective means of stopping Internet Protocol (IP) spoofing, a technique used by criminals to execute phishing attempts that lure e-mail recipients into providing personal information. CipherTrust strongly supports the deployment of Sender ID, including the registration of SPF records, to prevent fraudulent use of registered domain names and to detect IP addresses that do not match a company’s authentication record.

”This adoption of the Sender ID Framework and the publishing of SPF records is a testament to the broad industry and business commitment to e-mail authentication,” said Craig Spiezle, director of Microsoft Safety Technology and Strategy team. “E-mail authentication today is critical to reassuring consumers’ online confidence while protecting the brand and reputation of businesses.”

The new research demonstrates that Sender ID remains successful in identifying fraudulent e-mails that utilize IP spoofing, and for building reputation and accreditation services. In fact, each day more than three million spoofed e-mails are identified and blocked by IronMail because they have failed SPF checks, and never make it into end users’ inboxes. A secondary benefit of spammers publishing their SPF records is the enhancement of enforcement and investigative efforts by having the ability to verify the identity of the sender. Further details about CipherTrust’s most recent study can be found at http://www.ciphertrust.com/sidf_stats.

Last week, CipherTrust and other industry and business leaders, including Amazon, eBay, Microsoft, EarthLink and Bank of America, together sent a letter to the FTC urging continued support of e-mail authentication and Sender ID. The letter demonstrates widespread industry support of Sender ID as a first step in e-mail authentication and issued a call to action for all businesses and e-mail senders to adopt the Sender ID Framework and publish their SPF records today.

Additionally, the letter’s signers committed to advance and collaborate on signing technologies such as Cisco's Internet Mail and Yahoo's DomainKeys, to complement the Sender ID Framework for a higher level of e-mail authentication. For additional information on how to review and implement these e-mail authentication alternatives, please visit www.truste.org/authentication.

While CipherTrust strongly recommends the deployment of Sender ID and registration of SPF text records, e-mail authentication is only part of a comprehensive enterprise e-mail security approach. More than 1200 enterprises have deployed CipherTrust’s IronMail, which utilizes a variety of real-time techniques and defenses within their arsenals to fight spam, fraud, viruses and other threats.

“Businesses around the world face the very serious risk of having their brands hijacked, and then used by phishers and spammers to victimize their own customers,” said Paul Judge, chief technology officer at CipherTrust. “E-mail authentication, in particular the Sender ID framework, is a critical component of eliminating spoofing, a primary element used in phishing and spam attacks. In addition to deploying e-mail security gateways like IronMail to protect their employees and messaging infrastructures, every enterprise should make it a priority to deploy Sender ID and register SPF records to safeguard their brand and customers.”

As the leading messaging security provider with more than 30 percent of the Fortune 100 among its customer base, CipherTrust remains at the forefront of industry cooperation to combat Internet fraud attempts like phishing, and to eliminate spam and other e-mail threats. CipherTrust’s Dr. Judge served as founder and chartering chairman of the Internet Research Task Force’s Anti-Spam Research Group (ASRG), out of which the original proposals leading to SPF were developed. In February, CipherTrust became the first e-mail security vendor to incorporate SPF into its product, and has outlined product plans to support the Sender ID Framework.

CipherTrust has published additional research related to the ongoing fight against malicious phishing attempts. Last month, CipherTrust found that fewer than five zombie network operators are responsible for all Internet phishing attacks worldwide. It revealed that these zombies were predominantly based in the United States---home PCs connected to the Internet with a broadband connection. To view all of CipherTrust’s published research, visit http://www.ciphertrust.com/resources/statistics/index.html.

About CipherTrust CipherTrust is the leader in messaging security. Recognized as the market leader by IDC, the Company’s award-winning IronMail appliance protects the messaging systems of more enterprise e-mail users than any other solution, including more than 30 percent of the Fortune 100. CipherTrust pioneered messaging security by uniquely combining the five critical e-mail security components of spam and fraud prevention, virus and worm protection, policy and content compliance, e-mail privacy, and intrusion prevention into a single easy to deploy and manage platform. The Company is backed by top tier investors including Battery Ventures and Greylock Partners. For more information about CipherTrust, please visit www.ciphertrust.com or call .