Anti-spam standard still moving in slow motion

It has now been almost six months since the last time we heard about what progress (or lack thereof) the SenderID e-mail authentication specification was making on the anti-spam standards front. It's been so long that I was beginning to wonder what's up and if there's any hope of ratifying a standard any time soon. Or are we just going to drown in the growing deluge of spam?

SenderID is a framework that supports multiple techniques for checking whether an e-mail was sent from the domain it says it's from. Being able to perform such a check is widely regarded as a foundation-laying step in the fight against spam for two reasons. First, given that spammers often forge the credentials that go out with their e-mails in order to cover their tracks, being able to verify the authenticity of those credentials can greatly increase the accuracy of filtering as a way of dealing with spam. Second, once you've established with some confidence that whatever e-mail is left (after said filtering) is from who it says it's from, you can apply other rules to how those messages get handled.
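
SPF is one technique of this kind: a domain publishes in DNS which addresses may send its mail, and the receiver compares the connecting IP against that record. The Python below is an added example, not code from this article or from any SPF or SenderID implementation; it handles only the `ip4`, `ip6` and `all` mechanisms, does no DNS lookups, and the record, domain, addresses and the names `check_spf`, `verdict` and `PUBLISHED` are all constructed for illustration.

```python
import ipaddress

# Qualifier prefix -> SPF result (a mechanism with no prefix means "+").
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample standing in for DNS TXT data (documentation ranges).
PUBLISHED = {"example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"}


def check_spf(record, client_ip):
    """Evaluate an SPF v1 record against the connecting client's IP.

    Only ip4, ip6 and all are supported; terms that would need a DNS
    lookup (a, mx, include, redirect=...) return "unsupported".
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # not an SPF v1 record
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":                  # matches every client
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            # An IPv4 network never matches an IPv6 client and vice versa.
            if net.version == ip.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        return "unsupported"
    return "neutral"                       # no mechanism matched


def verdict(mail_from, client_ip):
    """Look up the sender's domain and evaluate its published record."""
    domain = mail_from.rpartition("@")[2].lower()
    record = PUBLISHED.get(domain)
    return "none" if record is None else check_spf(record, client_ip)


if __name__ == "__main__":
    # Same claimed sender, three different connecting hosts.
    for ip in ("192.0.2.25", "203.0.113.9", "2001:db8::1"):
        print(ip, verdict("alice@example.com", ip))
```

A `fail` result is what lets a filter reject mail that claims a domain but arrives from a host the domain never listed; `none` means the domain publishes nothing to check against.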

The last time there was any news on the SenderID front, it wasn't good. Under the auspices of a working group called the MTA Authorization Records in DNS (MARID) group, the Internet Engineering Task Force (an Internet standards organization) held a series of discussions to deliberate the merits of various credential authentication techniques. But, after announcing that "the working group participants have had fundamental disagreements," the IETF disbanded the effort at the recommendation of the group's co-chairs. At least some of the breakdown was attributed to Microsoft's desire to maintain its intellectual property rights (IPR) to one of the credential-checking techniques. Although Microsoft currently doesn't hold a patent to that technique -- known as the Purported Responsible Address (or PRA) technique -- it has applied for one. While others who were privy to the conversations agree that Microsoft's patents were a sticking issue, they say that there were technical disagreements as well (not unusual for a standards discussion).

So, having heard nothing in a while, I decided to check in with Microsoft to see what, if any, progress there had been on the anti-spam standards front. Perhaps, for example, Microsoft might be reconsidering its IPR position. After pinging Microsoft for an update, I was able to line up a recorded audio interview with Harry Katz, a program manager in Microsoft

  • RANDZ should be enough

    As long as M$ will not charge anyone a fee to use their technology, why not use it? Sun keeps the Java patents close in hand, while allowing everyone to use the tech.
    Roger Ramjet
    • There's fees and there's tolls

      MS' terms don't cost money, but they also aren't transitive: everyone has to get their own license.

      Sort of like entering a drawing for a "free" dinner: you don't have to pay a dime but you do have to hand over your e-mail address to every spammer on Earth. Question: how free is that dinner?
      Yagotta B. Kidding
  • Negative attention

    Microsoft's attitude has always been, "call me anything you like as long as you spell my name correctly." There's no reason that their policy should change, and every reason to play hardball to keep the GPL and similar software libre out of every market possible.
    Yagotta B. Kidding
  • Wow

    David, a whole article on anti-spam and sender
    authentication and not a single mention of SPF (you know,
    available now, unencumbered from MS patents, the
    platform SenderID was built on).

    SenderID is simply SPF v2 (offers nothing but verbose XML
    format) and Purported Responsible Address (PRA) added
    with MS license restrictions.

    By default SenderID implementations will read SPF v1. So
    the solution today is for people to publish SPF v1 DNS
    entries whilst MS uses its considerable resources to try and
    force the market to follow them.

    From where I stand SenderID is dead, no open source project
    is going to touch it. Open source MTAs deliver a majority
    of the internet emails, SenderID has no future without their
    Richard Flude
    • Disagree completely.

      Sure SPF is out there, but no one (almost no one) is using it. It's going to take Microsoft to start the ball rolling. I know you don't like hearing it but open source just doesn't have the traction to do it.
      • Disagree completely

        Who cares if MS starts rejecting non SenderID? 90% of everything
        we receive with a or return address is
        spam and is never delivered to our users.

        As I see it MS could greatly reduce the amount of spam on the net
        by shutting down these email servers.
  • Email Is Useless Soon

    In my opinion, I think this is all a waste. Right now, I cannot send exes and bats for home and work. Outlook PREVENTS me and no way to turn it off. I get 500 SPAMs a day at work, and no one from my own family emails me anymore. With all the viruses and spams and hacks happening, along with all the preventions, eventually no emails can be sent because EVERY attachment "may contain a virus and is PREVENTED from being sent even to your self knowing it is a safe document", every email is considered SPAM because having the words "Uncle Joe is throwing a party to help raise money" will be blocked, and so on and so on.
    Email is going to become very useless because of all these spammers and virus writers that we will go back to writing letters and sticking stamps on them (yes, I still do). Then they will all have to find a new way to waste our time, since deleting 500 letters a day just to make sure my customers are not in there (which they are), will become a thing of the past and I can open them safely from an envelope.
    Anti-spam and anti-virus methods will also help make email useless since they will eventually block EVERYTHING.
    Heck, I cannot even send an email to my friend about a game we play saying "I plan to assinate (sp) the leader and bomb the country tonight" without being out numbered (again) by 30 people from the army banging down my door (again).
    Email = uselessness altogether.