Identified Internet Mail: A network based message signing approach to combat email fraud



Overview
Cisco® Identified Internet Mail (IIM) is the Cisco Systems® proposed signature-based mail authentication standard to address the growing problem of Internet spam and e-mail fraud such as phishing attacks.  IIM is designed to help identify fraudulent messages and apply user-defined policies depending on the outcome of the message verification process.  To establish the authenticity of an e-mail message, IIM verifies that the message sender is authorized to send messages using a given e-mail address and that the original message was not altered in any consequential manner.  IIM preserves the positive aspects of today’s e-mail infrastructure including the privacy of e-mail users and the ability for a user to send e-mail to any other user.  Deploying IIM makes a sending domain more accountable for e-mail messages originating from its domain and limits the ability of spammers and malware (such as viruses and worms) to forge return addresses or disguise the identity of infected systems.

IIM Supports Wide Range of Use Cases

Details
See white paper.
Or presentation made to the 2004 FTC summit on email authentication.

For More Information
An Internet-Draft (draft-fenton-identified-mail-00) was submitted to the IETF on June 2, 2004, updated October 14, 2004. The latest draft is available in text and html form..

Cisco Systems®  has released an open source implementation of Identified Internet Mail which is available for download at:  http://sourceforge.net/projects/identifiedmail/.