VeriSign has finally joined the rest of the industry and brought out new spam, virus and phishing prevention services.
Its Email Security Service intercepts, scans and filters e-mail traffic before passing it to customer e-mail servers. And its Anti-Phishing Solution - a separate program - helps companies detect and combat scams that target their customers, VeriSign said.
The new services will help companies preserve the usefulness of e-mail and fight modern-day scourges, like spam, that are lowering worker productivity, said Chad Kinzelberg, a VeriSign vice president. VeriSign will use its high-end networking infrastructure and reputation as the largest certificate authority and manager of all dotcoms and dotnets to attract customers who want relief from spam and viruses, but demand "100 percent uptime", according to Kinzelberg.
To use the service, VeriSign customers will modify the mail exchange (MX) record for their e-mail domain to point to VeriSign's email servers, so all their email will be routed through VeriSign's own system first. As for the technology, it is using e-mail management and security software from FrontBridge to provide the core spam elimination, anti-virus and disaster recovery features under a multi-year licence.
VeriSign will host FrontBridge's messaging products in its US data centers, and add on its own proprietary technology and intellectual property, such as anti-fraud intelligence gleaned from its online payment business, Kinzelberg said.
Anti-virus engines from Sophos, Symantec and Trend Micro will scan e-mail arriving at VeriSign's data center. Heuristic filters built into the FrontBridge product will weed out spam and delete or quarantine it. Customers will also be able to create policies for blocking or quarantining messages with undesirable content.
The Anti-Phishing Solution service takes a similar approach, with VeriSign repackaging data, expertise and technology already used in other services.
Phishing scams are online crimes that use spam to direct Net users to websites that resemble legitimate e-commerce sites, but are controlled by thieves. The sites ask users for sensitive information such as a password, social security number, bank account or credit card number, often under the guise of updating account information.
To help companies combat phishing, VeriSign will use information taken from its domain name monitoring service, Web crawlers, spam filters and customer complaints to spot "cousin" websites that are used in phishing scams to mimic valid e-commerce sites, the company said.
VeriSign's relationships with leading ISPs and Web hosting companies and its team of forensic and fraud investigators will help it shut down phishing sites quickly, the company said. It will also offer paid consulting services to help companies create education programs and processes to address phishing scams, it said.
The Email Security Service is free for the first 30 days. After that, the service will cost between $1 and $3 per user per month. Prices for the Anti-Phishing Solution vary depending on the consulting and technology services the customer selects, Kinzelberg said. Both services will be available on 12 July.
The company is also planning future enhancements to the service, including support for so-called "sender authentication" plans such as those backed by Microsoft, Yahoo and others.
VeriSign is working with Microsoft and plans to support the Sender ID specification that Microsoft submitted to the Internet Engineering Task Force last week. Sender ID combines Microsoft's Caller ID specification with Sender Policy Framework, a similar standard created by Meng Weng Wong, co-founder and chief technology officer at Pobox.com, an e-mail forwarding service.
VeriSign will also make its Verified Domains List freely accessible to anti-spam software and service providers in an effort to foster e-mail authentication adoption and spam's eventual elimination, the company said Monday. "We're in an arms race with spammers," Kinzelberg said. "It's a game of one-upmanship that's difficult to win. Once we know who's sending e-mail, it gets a lot easier."