1. A process generates an email, probably from a marketing campaign or a transaction
response.
2. The SbS2.0™ Writer signs the message headers and body as per the DomainKeys
Identified Mail (DKIM) standard. Any DKIM writer will work for sending Branded Email, though with
reduced reporting functionality. The SbS2.0™ Writer is available as a stand-alone unit or as
a software add-in for your existing MTA.
3. The recipient ISP’s edge MTA receives and processes the email according to its rules
- including a spam filter bypass rule based on the presence of a Brandmail Header.
4. The SbS2.0™ Reader is integrated with the last MTA before the actual email mailboxes.
This MTA is configured to only accept email from its internal interface. This means that there
is no route around the SbS2.0™ Reader. Since we check the authenticity of the email, forged
email will not make it into the subscriber’s inbox.
5. The Reader validates the DKIM signature and, if valid, generates a second cryptographic
hash for use in requesting a logo from the SbS2.0™ Control Center. Generation and tracking
of this hash protects the system from a variety of attacks, including click fraud.
6. The Reader requests a logo from the SbS2.0™ Control Center, and inserts a reference
that is used by the recipient’s email client to retrieve the logo.
7. The ISP MTA delivers the email to the recipient’s mailbox.
8. The recipient opens up the email client. The Control Center tracks each time the logo is
rendered and viewed in the recipient’s inbox and each time the email is opened.
9. The Control Center provides a centralized management console where the Sender manages
all aspects of the Branded Email process (logo storage, mapping logos to sending email
addresses, viewing statistics). It also provides partner ISPs with their billing information,
and allows Brandmail Solutions to bill the participating email Senders.
Executive Summary
In order to provide a secure Branded Email system, the Brandmail Solutions SbS2.0™ has
3 components:
The SbS2.0™ Writer digitally signs outbound email messages.
The SbS2.0™ Reader, installed at partner ISPs, verifies the signature and brands the email.
The SbS2.0™ Control Center manages the overall process, associating sending email addresses
with logos and tracking the destiny of every Branded Email. As such, it is in a position to
provide reporting and billing functions.
The SbS2.0™ Writer
The Brandmail SbS2.0™ Writer is the outbound Mail Transfer Agent (MTA) that is
responsible for signing each outbound message with a cryptographic signature. The
Writer uses the DomainKeys Identified Mail (DKIM) standard for adding the cryptographic
signature.
The Writer is fully DKIM compliant, and will work either as a synergistic part of an
SbS2.0™ system (with the Brandmail Reader and Control Center) or will work to sign
emails destined for any DKIM compliant system. The Writer is available as an integrated
component with various MTA providers, or is available as a stand-alone unit.
It is also possible to use any standards compliant DKIM writer as implemented in your
MTA.
Writer Detailed Feature List
Supports inbound and outbound SMTP communications
Supports TLS, SMTP-AUTH, and/or IP-address based access security
Supports multiple sending domains
Will sign against more headers if they are present
Uses a 1024-bit private RSA key unique to the sending domain, against a 160-bit SHA-1 hash of the message for generating the cryptographic signature
Logs all operations to the Control Center
Throughput dependent on hardware configuration
Implemented on Linux
The SbS2.0™ Reader
The SbS2.0™ Reader verifies the signature on any Brandmail Solutions customer-sent DKIM
or DomainKeys signed email. In addition to checking the signature, the
Reader also inserts a brand logo into authentic email.
Because the Reader is in-line with all email passing into the ISP, it is in a position to
quarantine any email that fails authentication before the bogus email reaches the
spam filters.
In communicating with the Brandmail Control Center to insert the brand logo, the
Reader provides unique details of the email to the Control Center. These details,
while they do not contain any private information, allow the system to prevent duplicate
emails from getting through to recipients. This is an important improvement
over stock DKIM implementations that are susceptible to message replay attacks.
The recipient’s email client then receives a fully branded email, complete with logo
to display in the subscriber’s inbox.
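The replay check described above can be sketched as follows. This is an added example, not Brandmail code: the fingerprint fields (d=, s=, bh=, b= of the DKIM-Signature header), the ReplayLedger class and the sample message are assumptions made for illustration, and the sketch assumes DKIM verification has already succeeded before the fingerprint is taken.

```python
import hashlib
import re
from email import message_from_string

# Constructed sample: the bh=/b= values are placeholders, not a real signature.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha1; d=example.com; s=sel1;\n"
    " h=from:to:subject; bh=Zm9vYmFy;\n"
    " b=c2lnbmF0dXJl\n"
    "From: news@example.com\n"
    "To: alice@isp.example\n"
    "Subject: Offer\n"
    "\n"
    "Hello\n"
)

def parse_dkim_tags(header_value):
    """Parse a DKIM-Signature tag list (tag=value; ...) into a dict."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            # Header folding may insert whitespace inside values; drop it.
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def message_fingerprint(raw_message):
    """Hash the fields that identify one signed message (assumed choice)."""
    sig = message_from_string(raw_message).get("DKIM-Signature")
    if sig is None:
        return None
    tags = parse_dkim_tags(sig)
    material = "|".join(tags.get(t, "") for t in ("d", "s", "bh", "b"))
    return hashlib.sha256(material.encode("utf-8")).hexdigest()

class ReplayLedger:
    """Stand-in for the central tracker: remembers fingerprints already seen."""
    def __init__(self):
        self._seen = set()

    def check(self, raw_message):
        fp = message_fingerprint(raw_message)
        if fp is None:
            return "quarantine:unsigned"
        if fp in self._seen:
            return "quarantine:replay"
        self._seen.add(fp)
        return "deliver"
```

A second delivery of the same signed message still carries a valid DKIM signature, so only the ledger lookup distinguishes it from the first.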
Reader Detailed Feature List
Supports inbound and outbound SMTP communications
Validates DKIM signatures using the sending domain’s 1024-bit public RSA key
Retrieves public key via SSL, not DNS
Quarantines messages that have invalid or missing DKIM signatures
Transmits messages that pass DKIM validation
Detects and prevents replay attacks
Generates a unique message hash for use in communicating with the SbS2.0™ Control Center that uses this hash to validate and track all incoming logo requests
Logs all email operations to the SbS2.0™ Control Center
Central domain configuration (logo to email address matching) via the Control Center
Supports Windows 2000, Windows XP, Windows 2003, Linux, and Solaris
The SbS2.0™ Control Center
The Brandmail Control Center is designed to work in conjunction with the Brandmail
SbS2.0™ Writer and Reader. By providing a secure, centralized authority
for email tracking and key distribution, the Control Center also layers additional
protection on top of the basic DKIM protocol.
The SbS2.0™ Control Center is a web service where email sending organizations:
Define which email addresses will be branded
Choose which logo will be used with each sending address
Define which email sending addresses will be branded for a particular domain
Track key metrics for delivery and number of times viewed
Log their email sending results
Log email received results
Get logos for each sending address
Track email view/open rates
Control Center Detailed Feature List
All communications to and from the Control Center are encrypted
Senders configure branded email addresses, upload logos, and map logos to sending email addresses
Administrators configure access permissions for SbS2.0™ Readers and Writers
Reporting: # of emails sent, # received at Brandmail Solutions partner ISPs, # displayed in inboxes, # of messages displayed, billing and revenue information