An important aspect of corporate email security architecture is its method of preventive countermeasures. These defenses are charged with thwarting a variety of threats from spam and phishing to malware like Trojans and rootkits. First-line countermeasures include message content inspection. This type of reactive system relies on signature engines and updated databases of known spam and phishing phrases. Additional prevention techniques employ domain filtering using blacklists and whitelists. More effective filters combine heuristic techniques with statistical analysis through Bayesian filters to analyze email based on collected content. However, these detection methods often fall short, relying on slow updates from limited data and resulting in unacceptable numbers of false positives. Furthermore, identity spoofing and domain hopping of malicious senders has weakened the effectiveness of these countermeasures.
Cryptographic, or signature-based authentication systems rely on digitally signing messages with PKI pairing. Recipient mail servers perform signature validation with public keys retrieved from DNS records. This method is utilized by the DomainKeys Identified Mail (DKIM) authentication framework, recently adopted by eBay and PayPal, the two companies most notably targeted by phishing attacks in recent years.