• CipherTrust IronMail
• CipherTrust Edge
• CipherTrust IronIM
• CipherTrust IronNet
• CipherTrust Radar
• CipherTrust Managed Services
• TrustedSource Toolbar
• UTM/Firewall/VPN
• Secure Content Mgmt
• Identity & Access Mgmt

  Security & Inbound
  Protection

• Anti-Spam
• Anti-Virus
• Anti-Phishing
• E-mail Firewall & IPS

  Compliance & Outbound
  Protection

• CipherTrust Compliance
• CipherTrust Encryption

  Technologies

• TrustedSource
• Message Profiler
• Connection Control
• ThreatResponse
• Secure WebMail

  Additional Services

• Consulting
• Education

Sender ID Framework

The Sender ID Framework is an industry standard created to provide greater protection against fraud such as phishing schemes. Sender ID counters e-mail domain spoofing by validating that the sender of an e-mail message is actually who they appear to be.

Domain spoofing refers to the use of someone else's domain name when sending a message and is part of the larger problem of spoofing (the practice of forging the sender's address on e-mail messages). Domain spoofing can also be used by malicious individuals in phisher scams, which try to lure consumers into divulging sensitive information by pretending the e-mail is from a trusted source, such as a consumer's bank.

The Sender ID Framework is tasked with verifying that each e-mail message originates from the Internet domain from which it claims to come based on the sender's server IP address. Eliminating domain spoofing will help legitimate senders protect their domain names and reputations, and help recipients more effectively identify and filter junk e-mail and phishing scams.

Sender ID will have a big impact on e-mail security. It helps e-mail senders to protect their brand and domain names from spoofing and phishing. It allows e-mail recipients to validate the origin of mail. It provides more information for anti-spam products to make a spam filtering decision. It provides a foundation for the reliable use of domain names in accreditation, reputation systems & safe lists.

Sender ID is the result of a collaboration between Microsoft and two innovative proposals for validating sender domains. Sender ID combines Microsoft's Caller ID for E-Mail proposal, Meng Wong's Sender Policy Framework (SPF), and a third specification called the Submitter Optimization. These three draft technical specifications were recently submitted to the Internet Engineering Task Force (IETF) and other industry organizations for review and comment.

CipherTrust has been an early supporter of sender domain validation. CipherTrust began offering support for the anti-spoofing and anti-phishing protocol SPF in the IronMail product in February of 2004, immediately after Meng Wong announced his proposal. Already many of CipherTrust’s customers have adopted the protocol. In order to protect its customers from spoofing and phishing attacks, CipherTrust’s IronMail currently incorporates SPF as part of it's correlation engine, the Spam Profiler, used to identify unwanted messages. CipherTrust will support the Sender ID Framework in the next service release of version 5.0 of the award-winning IronMail appliance, scheduled for October of this year.

In addition, CipherTrust Chief Technology Office, Dr. Paul Judge, served as founder and chartering chairman of the Internet Research Task Force’s Anti-Spam Research Group (ASRG) in March 2003, out of which the original proposals leading to Sender ID's predecessor, SPF, were borne. To learn more about Sender ID, visit www.microsoft.com/senderid.