Trusted Email Open Standard

Last updated

The Trusted Email Open Standard (TEOS) is an anti-spam technique proposed by the ePrivacy Group in 2003 at the Federal Trade Commission Anti-Spam Summit.

ePrivacy Group was a privacy consulting and anti-spam technology firm, founded in 2000 by David Brussin, Stephen Cobb, James Koenig, Michael Miora, and Vincent Schiavone. The team was later joined by privacy pioneers Ray Everett and Terry Pittman.

Federal Trade Commission Government agency

The Federal Trade Commission (FTC) is an independent agency of the United States government, established in 1914 by the Federal Trade Commission Act. Its principal mission is the promotion of consumer protection and the enforcement of civil (non-criminal) U.S. antitrust law through the elimination and prevention of anticompetitive business practices, such as coercive monopoly. It is headquartered in the Federal Trade Commission Building in Washington, D.C.

Edited by Stephen Cobb, CISSP, the 35-page white paper describing the standard was downloaded more than 30,000 times between publication in April 2003 and the end of that year. Many elements of TEOS later appeared in the letter that Microsoft CEO Bill Gates submitted to U.S. Senate Commerce Committee hearings on anti-spam legislation. [1] The letter outlined Microsoft's position on how the spam crisis should be handled. [1]

Stephen T Cobb

Stephen Cobb is an expert on security, privacy, and related topics.

At its most basic level, TEOS proposes a framework of trusted identity for email senders based on secure, fast, lightweight signatures in email headers, optimized with DNS-based systems for flexibility and ease of implementation. TEOS also provides a common-language framework for making trusted assertions about the content of each individual message. ISPs and email recipients can rely on these assertions to manage their email. [2]

Related Research Articles

Email Method of exchanging digital messages between people over a network

Electronic mail is a method of exchanging messages ("mail") between people using electronic devices. Invented by Ray Tomlinson, email first entered limited use in the 1960s and by the mid-1970s had taken the form now recognized as email. Email operates across computer networks, which today is primarily the Internet. Some early email systems required the author and the recipient to both be online at the same time, in common with instant messaging. Today's email systems are based on a store-and-forward model. Email servers accept, forward, deliver, and store messages. Neither the users nor their computers are required to be online simultaneously; they need to connect only briefly, typically to a mail server or a webmail interface for as long as it takes to send or receive messages.

Various anti-spam techniques are used to prevent email spam.

Email spam unsolicited electronic advertising by e-mail

Email spam, also known as junk email, is unsolicited messages sent in bulk by email (spamming).

Sender Policy Framework (SPF) is an email authentication method designed to detect forging sender addresses during the delivery of the email. SPF alone, though, is limited only to detect a forged sender claimed in the envelope of the email which is used when the mail gets bounced. Only in combination with DMARC can it be used to detect the forging of the visible sender in emails, a technique often used in phishing and email spam.

Hashcash is a proof-of-work system used to limit email spam and denial-of-service attacks, and more recently has become known for its use in bitcoin as part of the mining algorithm. Hashcash was proposed in 1997 by Adam Back and described more formally in Back's paper "Hashcash - A Denial of Service Counter-Measure".

Sender ID is an anti-spoofing proposal from the former MARID IETF working group that tried to join Sender Policy Framework (SPF) and Caller ID. Sender ID is defined primarily in Experimental RFC 4406, but there are additional parts in RFC 4405, RFC 4407 and RFC 4408.

A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.

Email filtering is the processing of email to organize it according to specified criteria. The term can apply to the intervention of human intelligence, but most often refers to the automatic processing of incoming messages with anti-spam techniques - to outgoing emails as well as those being received.

TrustArc is a privacy compliance technology company based in San Francisco, California. The company provides software and services to help corporations update their privacy management processes so they comply with government laws and best practices.

In computing, Bounce Address Tag Validation (BATV) is a method, defined in an Internet Draft, for determining whether the bounce address specified in an E-mail message is valid. It is designed to reject backscatter, that is, bounce messages to forged return addresses.

TurnTide Inc. was an anti-spam technology company founded in 2004 and based in Conshohocken, Pennsylvania. The firm was created as a spin-off corporation from privacy and anti-spam technology firm ePrivacy Group to bring to market the world's first anti-spam router. The technology, linking anti-spam detection algorithms with network-level flow controls, was originally marketed by ePrivacy Group under the name "SpamSquelcher".

Ray Everett American lawyer and businessman

Ray Everett, formerly known as Ray Everett-Church, is an American attorney, entrepreneur and author. He was dubbed "the dean of corporate Chief Privacy Officers" by Interactive Week Magazine, first creating that title and position in 1999 at Internet advertising company AllAdvantage. In 1997, he was profiled by The New York Times as an influential advocate of responsible online advertising.

A Digital Postmark (DPM) is a technology that applies a trusted time stamps issued by a postal operator to an electronic document, validates electronic signatures, and stores and archives all non-repudiation data needed to support a potential court challenge - it guarantees the certainty of date and time of the postmarking. This global standard was renamed the Electronic Postal Certification Mark (EPCM) in 2007 shortly after a new iteration of the technology was developed by Microsoft and Poste Italiane. The key addition to the traditional postmarking technology was integrity of the electronically postmarked item, meaning any kind of falsification and tampering will be easily and definitely detected. Additionally, content confidentiality is guaranteed since document certification is carried out without access or reading by the postal operator. The EPCM will eventually be available through the UPU to all international postal operators in the 191 member countries willing to be compliant with this standard, thus granting interoperability in certified communications between postal operators. In the United States, the US Postal Service operates a non-global standard called the Electronic Postmark, although it is soon expected to provide services utilizing the EPCM.

MailChannels is a privately held, anti-spam technology company based in Vancouver, British Columbia.

Privacy-enhancing technologies (PET) are the methods of protecting data in accordance with the law. PET allow online users to protect the privacy of their personally identifiable information (PII) provided to and handled by services or applications. PET uses techniques to minimize possession of personal data without losing the functionality of an information system.

There is no commonly agreed single definition of “cybercrime”. It refers to illegal internet-mediated activities that often take place in global electronic networks. Cybercrime is "international" or "transnational" – there are ‘no cyber-borders between countries'. International cybercrimes often challenge the effectiveness of domestic and international law and law enforcement. Because existing laws in many countries are not tailored to deal with cybercrime, criminals increasingly conduct crimes on the Internet in order to take advantages of the less severe punishments or difficulties of being traced. No matter, in developing or developed countries, governments and industries have gradually realized the colossal threats of cybercrime on economic and political security and public interests. However, complexity in types and forms of cybercrime increases the difficulty to fight back. In this sense, fighting cybercrime calls for international cooperation. Various organizations and governments have already made joint efforts in establishing global standards of legislation and law enforcement both on a regional and on an international scale. China–United States cooperation is one of the most striking progress recently, because they are the top two source countries of cybercrime.

SmartScreen is a cloud-based anti-phishing and anti-malware component included in several Microsoft products, including Windows 8 and later, Internet Explorer, Microsoft Edge and Outlook.com. It is designed to help protect users against attacks that utilize social engineering and drive-by downloads to infect a system by scanning URLs accessed by a user against a blacklist of websites containing known threats. With the Windows 10 Creators Update, Microsoft placed the SmartScreen settings into the Windows Defender Security Center.

Meng Weng Wong American businessman

Wong Meng Weng (黃銘榮) is a Singaporean serial entrepreneur notable for proposing a historicist explanation for the relative tendency of individuals in different generations after immigration to become entrepreneurs. In 1994 he founded pobox.com, an email services company. In 2003 he led the group that designed the Sender Policy Framework standard (RFC4408) which was later embraced and extended by Microsoft. In 2005 he co-founded Karmasphere, a reputation services venture. In 2010 he co-founded the Joyful Frog Digital Incubator, an early-stage digital innovation company.

References

  1. 1 2 "internetnews.com".
  2. "Proposal and Policy".