Field of Art
The disclosure generally relates to the field of electronic messaging, and specifically to centralized validation of email senders via EHLO name and IP address targeting.
Description of Art
In distributed messaging systems like email, the actual originator of a message may be validated against the message's purported identity in order to eliminate fraudulent messages. Examples of such fraudulent messages may include “phishing” emails that purport to be from a particular sender but in fact have a spoofed sender address and are sent from a malicious entity that may wish to perform some fraudulent activity against the recipient (e.g., steal personal information). One approach to this validation problem is to enable the owner of the sending identity to create a set of rules defining which computers are allowed to relay emails to the recipient's email server. Sender Policy Framework (SPF) is the standard implementation of this approach for email. A sending identity publishes these SPF rules via the Domain Name System (DNS) such that a receiving mail server may be able to access them in order to validate the sender's identity of received messages.
While this approach can be effective, it places substantial burdens on the receiving system and introduces challenges with the use of valid intermediaries (e.g. mailing lists, ‘lifetime’ email accounts). For example, a mailing list server may be asked to forward a message from an original sender, however, the mailing list server is not identified by the original sender as a valid sender. It is simply not feasible for receiving systems to check more than a few such rules when validating a message, even though a complete rule set might require hundreds or even thousands of rules.
SPF also includes tight limits on the number of Domain Name System (DNS) lookups that are allowed, in order to limit the burden on receiving systems, but this comes at the cost of failing to validate some legitimate messages. Other techniques, like Sender Rewriting Scheme (SRS), replace the original sender with an intermediate identity that can be validated with a more restricted rule set. While this minimizes the burden on the receiving system, it does not validate the message against the originator's identify.
Hence, what is lacking is an ability to allow the definition of arbitrarily large and complex rule sets for sender identity verification, without unduly burdening receiving systems, and which is compatible and interoperable with existing frameworks.