Our News

FST Key to Hot FBI Cyber-Terror Issue

Comments by FBI Cyber Crimes Assistant Director Shawn Henry made last October to reporters centered on a noticeable rise in cyber-terrorism and specifically cited "spear phishing" as a rapidly rising threat.

ISR's Forensic Sender Test™ helps UCE control systems combat all types of email identity crimes. Providing FST service in your mail system component or service not only brings tremendous value to your customers, but also affords an opportunity to show initiative on a “hot button” issue.

Contact us to learn more.

Partnering with Ingenious System Research, LLC

ISR is inviting email quality control appliance and software vendors to integrate the Forensic Sender Test™ anti-spoofing/anti-phishing technology into their existing products and services. The integration process is extremely light allowing the opportunity for a high-profile upgrade without excessive research and development or integration expenses. Since the identity theft problem is so contemporary and relevant, the addition of a sound anti-phishing technology represents a significant public relations opportunity as well.

What Is It?

The Forensic Sender Test™ was developed in 2004 for use in email security and UCE control systems to identify spoofed sender addresses and phishing email. The system is intended to check the alleged sender email address against the IP address of the connected mail client. The test is requested and response delivered in real-time over HTTP to ensure transaction encapsulation. The test works by first assuming there is no association and then verifying and cross-referencing compiled databases of official and/or observed "responsible parties" in search of an algorithmic overlap of reliably asserted authority.

Does It Have A Track Record?

The Forensic Sender Test™ underwent three years of structured testing that started in August of 2004 and included the movement of over 1 billion real email messages for the subscribers of over 70 ISPs and thousands of employees of hundreds of small to medium sized businesses. Throughout the test period (and to date), 100% of all phishing messages were correctly identified as spoofs and 100% of legitimate messages from the targets of phishing attacks were correctly identified as valid.

How Does It Add Value to Your Products and Services?

In addition to inbox phishing protection, accurate sender authenticity data opens new levels of service for mail system component and outsourced services vendors. Edge-service SMTP filtering of malicious traffic and subsequent de-loading of the entire mail system; effectiveness and throughput improvements in UCE filtering algorithms; domain-based reputation; and even spoof-less identity-based filtering are all possible with the FST's ability to analyze any IP address/email address combination without regard for supplemental opt-in data from un-adopted standards.

What Will Your Development Burden Be?

The Forensic Sender Test™ runs on a protected distributed network and is accessed through a single HTTP GET either in-line from your SMTP server or as part of a post-processing mail sorting routine. The request returns a series of flags indicating whether or not an association between the two can be asserted and whether the domain tested is a known target of phishing attacks. This result can be used in many ways leaving the scope of new development largely up to the vendor. (For organizations requiring additional levels of service beyond a simple HTTP lookup, a SOX-compliant version of the FST is available.)

Investigating Your Options Further

There are many ways to take advantage of the FST's power in your own software or appliance solution. Please contact our business development department to discuss various methods to proceed with testing, development, and trade partnerships.