Email Security Solution

II. Technical Solutions

1. Source Authentication (BASTECH)
2. SMTP Authentication
3. Secure SMTP / STARTTTLS / SSL

1. Source Authentication (BASTECH)
2. SMTP Authentication
3. Secure SMTP / STARTTTLS / SSL

1. Email Accounts Administrator
2. Email Account User

Starting with how email works, the problem of spam originated because there is no security in sending an email message to someone. This was a good idea in the early days. However, nowadays accepting email from just anyone can be annoying or even worse.

Through years of research and development computer scientists learned that there really was no way to 'beat' spam. For every slick algorithm created there was another one created by the spammers to surpass it. Eventually the very routines designed to delete spam started deleting mass quantities of valid email.

The problem was that we were allowing anyone to send anything without verification of who the sender was. The scientists were trying to validate the content of what was sent and that is simply an impossible task for any computer.

Source Authentication was created by a computer scientist named Gregory Way. His idea was simple. If we authenticate our domain registrations or software downloads with a simple email confirmation going back as far as the early 90's, then why is it that today we simply accept anyone's email message as being from who they say they are?

What was missing in email was an authentication request. If your email account did not recognize a sender, it should not just blindly accept the incoming email message and should scan the message for content. It should send off an authentication request and ASK the sender to confirm they are who they say they are. This did not need to be a complex process.

Anyone who registered a domain name in 1995 knows that a simple "reply" from the email account is all that it takes. The reason for that is that the sender must "authenticate" through POP3 or some other client access protocol to retrieve the orginal email in order to respond back to it. This is where the term "Source Authentication" comes from, as we depend on the sender to authenticate from the source, not by a destination, which is normally used to authenticate.

Others in the industry call this technology 'challenge-response'. Typically, challenge-response involves some form of encryption or other means to pre-identify a response or in some cases it means that the user must go to a web site to send the response. The drawbacks of other solutions are numerous, but suffice it to say that Source Authentication does not have any of those drawbacks. In fact, it has a unique benefit. Computer systems such as e-commerce servers can reply to Source Authentication systems but not to Challenge-Response systems. Hence, users who also need email from automated sources can still get that mail.

Source Authentication (BASTECH)

A Source Authentication-enabled email account accepts incoming mail by invitation only. You control who is allowed access to your Inbox. If someone wants to send you a message, the server will first email them back with another message asking them to click 'reply' and 'send'. Once the sender does this, they have authenticated themselves and so their original email message is allowed to come to you.

SMTP Authentication

SMTP Authentication prevents someone from 'spoofing' your email account by accessing your email server and sending a "MAIL FROM" tag with your email account. Most people do not realize how email works and are surprised to find out that all along that sending email has been completely without security.

Secure SMTP / STARTTTLS / SSL

Secure Email provides us with the ability to send mail from our email client to the email server in SSL. Keep in mind that the destination server will be contacted in non-secure mode and the email is often delivered in open text. So why have SSL? Two reasons. The first is that we provide encryption for the authentication (see above SMTP Auth). The second reason is to actually get around the service providers who have created a gauntlet on port 25 (the SMTP port). If you are using Earthlink for example your email is not actually sent directly to the SMTP server you program in your email client. They take over port 25 and redirect your email to their email servers. Those email servers then decide where the email is going. By providing SSL or Secure email we provide you a means to get around that so we can capture your outbound email addresses to automatically build your white lists.

Source Authentication (BASTECH)

The setting for Source Authentication is not in your email client. Follow the instructions given within the email account manager to configure your email account to use Source Authentication. Also note we have provided a number of anti-virus tools to prevent virus mail from making it to your computer from even non-spam email.

SMTP Authentication

It is best to use SSL with SMTP Auth, so we combined the instructons below. If you wish to use only one or the other, please speak with a technical expert about how to configure your email client.

Secure SMTP / STARTTTLS / SSL

Microsoft Outlook

To configure Outlook to use SMTP AUTH/STARTTLS:

Note: Outlook and Outlook Express change from Version to Version. This is a general guideline.
1. Go to the Tools menu and choose Accounts (email accounts).
2. Click Properties
3. Click Email Servers (or find the Servers Tab).
4. Click Settings.
5. Now click on the Out Going Server tab.
6. Check the box that says My server requires authentication.
7. Click on Settings (be sure "Use the same settings as my incoming mail server" is checked).
8. Click on Advanced. Under the Outgoing mail (SMTP) port number, which should become either 26 or 465, check the box that says 'This server requires a secure connection'. Be sure you check the box that is for the SMTP server.
9. Click OK at the bottom, then Next and Finish.

To configure Eudora to use SMTP AUTH/STARTTLS:

1. Go to the Tools menu and choose Options.
2. Make sure the SMTP server is named mailbox.eng.usf.edu.
3. Select the setting 'Allow Authentication'.
4. Under Secure Sockets when Sending, select 'Required, Alternate Port'.
5. Click OK.

Email Accounts Administrator

We have moved the reference for email administrators to another document. If you are the account administrator or an adminstrator for an ISP please contact your account representative for administrative documentation.

Email Account User

We have put together extensive online help documentation within the account manager. Once you log in to your online account manager you may click "help" on any of the specific items or on the main pages.