Business
Anti-spam standard still moving in slow motion
It has now been almost six months since the last time we heard about what progress (or lack thereof) the SenderID e-mail authentication specification was making on the anti-spam standards front. It's been so long that I was beginning to wonder what's up and if there's any hope of ratifying a standard any time soon.
It has now been almost six months since the last time we heard about what progress (or lack thereof) the SenderID e-mail authentication specification was making on the anti-spam standards front. It's been so long that I was beginning to wonder what's up and if there's any hope of ratifying a standard any time soon. Or are we just going to drown in the growing deluge of spam?
SenderID is a framework that supports multiple techniques for checking whether an e-mail was sent from the domain it says it's from. Being able to perform such a check is widely regarded as a foundation-laying step in the fight against spam for two reasons. First, given that spammers often forge the credentials that go out with their e-mails in order to cover their tracks, being able to verify the authenticity of those credentials can greatly increase the accuracy of filtering as a way of dealing with spam. Second, once you've established with some confidence that whatever e-mail is left (after said filtering) is from who it says it's from, you can apply other rules to how those messages get handled.
The last time there was any news on the SenderID front, it wasn't good. Under the auspices of a working group called the MTA Authorization Records in DNS (MARID) group, the Internet Engineering Task Force (an Internet standards organization) held a series of discussions to deliberate the merits of various credential authentication techniques. But, after announcing that "the working group participants have had fundamental disagreements," the IETF disbanded the effort at the recommendation of the group's co-chairs. At least some of the breakdown was attributed to Microsoft's desire to maintain its intellectual property rights (IPR) to one of the credential-checking techniques. Although Microsoft currently doesn't hold a patent to that technique -- known as the Purported Responsible Address (or PRA) technique -- it has applied for one. While others who were privy to the conversations agree that Microsoft's patents were a sticking issue, they say that there were technical disagreements as well (not unusual for a standards discussion).
So, having heard nothing in a while, I decided to check in with Microsoft to see what if any progress there had been on the anti-spam standards front. Perhaps, for example, Microsoft might be reconsidering its IPR position. After pinging Microsoft for an update, I was able to line up a recorded audio interview with Harry Katz, a program manager in Microsoft
SenderID is a framework that supports multiple techniques for checking whether an e-mail was sent from the domain it says it's from. Being able to perform such a check is widely regarded as a foundation-laying step in the fight against spam for two reasons. First, given that spammers often forge the credentials that go out with their e-mails in order to cover their tracks, being able to verify the authenticity of those credentials can greatly increase the accuracy of filtering as a way of dealing with spam. Second, once you've established with some confidence that whatever e-mail is left (after said filtering) is from who it says it's from, you can apply other rules to how those messages get handled.
The last time there was any news on the SenderID front, it wasn't good. Under the auspices of a working group called the MTA Authorization Records in DNS (MARID) group, the Internet Engineering Task Force (an Internet standards organization) held a series of discussions to deliberate the merits of various credential authentication techniques. But, after announcing that "the working group participants have had fundamental disagreements," the IETF disbanded the effort at the recommendation of the group's co-chairs. At least some of the breakdown was attributed to Microsoft's desire to maintain its intellectual property rights (IPR) to one of the credential-checking techniques. Although Microsoft currently doesn't hold a patent to that technique -- known as the Purported Responsible Address (or PRA) technique -- it has applied for one. While others who were privy to the conversations agree that Microsoft's patents were a sticking issue, they say that there were technical disagreements as well (not unusual for a standards discussion).
So, having heard nothing in a while, I decided to check in with Microsoft to see what if any progress there had been on the anti-spam standards front. Perhaps, for example, Microsoft might be reconsidering its IPR position. After pinging Microsoft for an update, I was able to line up a recorded audio interview with Harry Katz, a program manager in Microsoft