Electronic mail, also commonly referred to as “email” or “e-mail”, is increasingly utilized as an electronic form of communication via the Internet. Spam is unsolicited email often sent to email distribution lists that include a large number of users' email addresses. Spam is similar to telemarketing and is the electronic equivalent of “junk mail” used to advertise products and services, request charitable donations, or broadcast some political or social commentary. Spamming is the practice of sending an unsolicited email message to large numbers of email addresses indiscriminately. Spam emails are often unwanted by the many recipients and are considered a waste not only of the recipients' time, but also of network bandwidth.
Spam email can also appear to be from a trusted site because a spammer can spoof the domain name from which the spam email originates. Domain spoofing is often used so that a recipient will think a spam email comes from a legitimate source. A recipient may be tricked into opening a spam email that is not from the trusted sender the email purports to be from. The SMTP (Simple Mail Transfer Protocol) does not authenticate the sender of an email message and a spam email from a spoofed domain name may not be detected as a spam email. For example, there is no guarantee that an email which appears to be from msn.com is actually from MSN.
SenderID is a particular authentication protocol for email designed to protect against domain spoofing. A spammer can forge, or spoof, the domain that an email purports to be from, but cannot forge the IP (Internet Protocol) address of the computer that sends an email message. For SenderID, a domain that sends email publishes a list of IP addresses of the computers that are allowed to send email for the domain. This list of IP addresses is stored as a TXT record in the DNS (Domain Name System), which is part of the Internet infrastructure and a repository of information about domains. The DNS primarily maintains the mapping between symbolic domain names and corresponding IP addresses.
When an email message is received by an inbound email server, the server obtains the sending computer's IP address and extracts the domain that the email purports to be from. The domain that the email purports to be from is identified as the purported responsible domain (PRD). The inbound email server obtains the SenderID record for the PRD from the DNS and determines whether the IP address is on that list of IP addresses allowed to send email from the particular domain. If so, the sender has been authenticated. The authentication status can then be used to determine what to do and/or where to route the email message. The email can be deleted, delivered to the intended recipient's junk email folder, or delivered to the intended recipient's Inbox.
Although SenderID is a step forward in detecting spam emails, SenderID on its own does not prevent spammers from generating and attempting to distribute spam emails. For example, a spammer can set up SenderID for a domain (e.g., publish a list of the server IP addresses associated with the domain to send out email) and then use the domain to send spam emails. A spam email from the spammer that owns the domain can be authenticated (e.g., passed as a legitimate email) because the email is communicated through a service provider that has an IP address matching the DNS record for the domain. However, an authenticated spam email is still an unwanted spam email.
Alternatively, an email that is not authenticated is not necessarily a spam email. The email may not be identifiable by SenderID, but instead may be communicated through a third-party service provider that is not currently recognized by the SenderID protocol. Accordingly, a SenderID “pass” does not always indicate that an email is a legitimate email, and a SenderID “fail” does not always indicate that an email is a spam email.
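The check described above (sending IP address against the list published for the PRD) and the two caveats that follow it can be seen in a short sketch. This is an added example, not code from the original text: the DNS lookup is replaced by a constructed table of records on documentation domains, PRD selection is simplified to the Sender header and then From, and only the `ip4`/`ip6` terms of an `spf2.0/pra` record are evaluated.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for DNS TXT lookups (documentation domains and IP ranges).
TXT_RECORDS = {
    "example.com": "spf2.0/pra ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    # Spammer-owned domain with a correctly published record (assumed for the demo).
    "bulk-offers.example": "spf2.0/pra ip4:198.51.100.7 -all",
}

def purported_responsible_domain(raw_message):
    """Simplified PRD selection: Sender header if present, otherwise From."""
    msg = message_from_string(raw_message)
    for header in ("Sender", "From"):
        _, addr = parseaddr(msg.get(header, ""))
        if "@" in addr:
            return addr.rsplit("@", 1)[1].lower()
    return None

def check_sender_id(raw_message, sending_ip, records=TXT_RECORDS):
    """Return (prd, result), where result is 'pass', 'fail' or 'none'."""
    prd = purported_responsible_domain(raw_message)
    terms = records.get(prd, "").split()
    if not terms or not terms[0].startswith("spf2.0/") \
            or "pra" not in terms[0].split("/", 1)[1].split(","):
        return prd, "none"  # no published list: unauthenticated, not proven spam
    ip = ipaddress.ip_address(sending_ip)
    for term in terms[1:]:
        kind, _, value = term.partition(":")
        if kind == f"ip{ip.version}" and ip in ipaddress.ip_network(value, strict=False):
            return prd, "pass"
    return prd, "fail"

def make_message(sender):
    """Build a minimal constructed message with the given From address."""
    return f"From: {sender}\nSubject: test\n\nbody\n"

if __name__ == "__main__":
    cases = [
        ("billing@example.com", "192.0.2.25"),        # listed server
        ("billing@example.com", "203.0.113.50"),      # spoofed domain, or unlisted third-party relay
        ("deals@bulk-offers.example", "198.51.100.7"),  # spam that authenticates
        ("news@unlisted.example", "203.0.113.9"),     # domain publishes nothing
    ]
    for sender, ip in cases:
        print(sender, ip, check_sender_id(make_message(sender), ip))
```

The second and third cases are the ones a filter must not misread: a legitimate message relayed by an unlisted provider fails exactly like a spoofed one, and the spammer's own domain passes, so the result is one input to the routing decision rather than a spam verdict.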