It is a relatively simple process to falsify the source of an e-mail message. For example, an e-mail message from an unscrupulous party may be sent with a source address of a respected bank. The recipient of the message, believing that the message was really sent from that respected bank, may follow links contained in the message to open an account by supplying personal information such as name, address and a social security number. In fact, the links contained in the message take the recipient who follows them to a server operated by the unscrupulous party, which has been carefully designed to appear as though it is operated by the respected bank. The unscrupulous party takes the information supplied by the recipient of the e-mail message and uses it to obtain credit from a different party in the recipient's name. The party supplying the credit checks the information supplied by the unscrupulous party against a database and, realizing it is authentic, supplies the credit to the unscrupulous party. The unscrupulous party can then use the credit to steal goods or services that the unscrupulous party resells.
Certain techniques allow the recipient of the e-mail message to authenticate the message if that party has a prior relationship with the respected bank or other sender of the message. However, if there is no such relationship, conventional techniques do not allow the recipient to authenticate the e-mail message.
What is needed is a system and method that can allow a recipient of an e-mail message to authenticate an e-mail message, whether or not that recipient has a prior relationship with the purported source of the e-mail message.