1. Field of the Invention
The present invention relates generally to e-mail security. In particular, the present invention is directed toward the registration and subsequent authentication of senders of e-mail.
2. Description of Background Art
The wide availability of domain name addresses for purchase has led to the nefarious practice of “phishing”, in which a bad actor sends e-mails that appear to be from a reputable source and typically encourage the recipient to click on a link within the e-mail message and provide personal information to the sender. For example, the domain names “bank-of-america-online.com”, “chasebank.cc”, and “my-citibank.us” are a sample of legitimate-sounding names that are currently available to the public for purchase.
Because the DNS records of a domain are under the control of the domain owner, messages sent from the domain will be marked as legitimate by conventional domain authentication schemes such as the Sender Policy Framework (SPF), the Sender ID Framework, DomainKeys, and Identified Internet Mail. That is, if a sender purchases the “bank-of-america-online.com” domain and sends an e-mail with a From header of “customerservice@bank-of-america-online.com”, the message will be authenticated because it is indeed from who it claims to be from—the owner/operator of the bank-of-america-online.com domain.
Additionally, some e-mail programs (such as Microsoft's Hotmail, for example) display messages in an inbox using only the “display” string of an e-mail address, which is configurable by the sender. So, for example, an e-mail from phisher@bank-of-america-online.com could be configured by the sender to have a display name of “B of A Customer Service”, in order to entice the recipient to open the message and follow links contained within.
Further, even if the source of an e-mail is known to be trustworthy, e-mail can suffer from a lack of consistent branding, which can be undesirable for both the sender and recipient alike. For example, consider a fictitious bank named “First Street Bank, Inc.” If the bank's domain name is “fsbank.com”, a branding opportunity is lost, since the domain name is not the same as the company name. In addition, display names may be non-standardized across different senders or different departments of the bank. For example, a user might receive e-mail from a sender at the bank with a display name of “Credit Card Offers”, or e-mail from another sender at the bank with a display name of “First Street Bank Updates”. Neither the display names nor the domain name clearly connote to the recipient that the e-mail is from “First Street Bank, Inc.” One approach to resolving this difficulty includes using the header field “X-Organization,” but this solution suffers from some of the same drawbacks, since it is neither standardized nor independently authoritative.
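The following Python example is an added illustration, not part of the original text. It takes the two situations described above, a look-alike domain that passes domain authentication and a sender-chosen display name, and shows what a display-name-only inbox would render next to what the headers actually say. The brand registry, the "bofa.example" domain, the receiving host name and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed registry (assumption): brand keyword -> domains that brand really sends from.
BRAND_DOMAINS = {"b of a": {"bofa.example"}, "first street bank": {"fsbank.com"}}

def inbox_label(msg):
    """What a client that shows only the display string would render."""
    name, addr = parseaddr(msg.get("From", ""))
    return name or addr

def sender_domain(msg):
    """Domain part of the From address, lower-cased."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def spf_result(msg):
    """SPF verdict recorded in Authentication-Results, or 'none' if absent."""
    m = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    return m.group(1).lower() if m else "none"

def brand_mismatch(msg):
    """True when the display name invokes a registered brand but the From
    domain is neither one of that brand's domains nor a subdomain of one."""
    label, domain = inbox_label(msg).lower(), sender_domain(msg)
    for brand, domains in BRAND_DOMAINS.items():
        if brand in label:
            return not any(domain == d or domain.endswith("." + d) for d in domains)
    return False

def assess(raw):
    msg = message_from_string(raw)
    return {"shown": inbox_label(msg), "domain": sender_domain(msg),
            "spf": spf_result(msg), "mismatch": brand_mismatch(msg)}

# Constructed sample messages: SPF passes for both, because each domain owner
# controls its own DNS records.
LOOKALIKE = ("Authentication-Results: mx.recipient.example; spf=pass "
             "smtp.mailfrom=bank-of-america-online.com\n"
             'From: "B of A Customer Service" <phisher@bank-of-america-online.com>\n'
             "Subject: Account notice\n\nbody\n")
GENUINE = ("Authentication-Results: mx.recipient.example; spf=pass "
           "smtp.mailfrom=mail.fsbank.com\n"
           'From: "First Street Bank Updates" <news@mail.fsbank.com>\n\nbody\n')

if __name__ == "__main__":
    for raw in (LOOKALIKE, GENUINE):
        print(assess(raw))
```

Both messages carry an SPF pass; only the comparison of the displayed name against an independent registry separates them, which is the gap the background identifies in domain-only authentication.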
It would be of great assistance to e-mail recipients if a system and method existed for reliably accrediting and identifying senders of electronic mail messages.