America Online (AOL) has ditched Microsoft's Sender ID technology in favour of Sender Policy Framework (SPF).
The move follows concerns over Sender ID voiced by the Internet Engineering Task Force (IETF) earlier this week. Explaining its decision, AOL cited a low level of support for the technology in the open source community, as well as possible problems with backward compatibility.
"AOL has decided to move forward with SPF-only checking on inbound email at this time. This means AOL will now not be moving forward with full deployment of the Sender ID protocol," said a spokesman for the firm in an email statement. "The licensing of Sender ID technology has never been a focus of concern for the company and its potential deployment of Sender ID technology."
Although AOL said it would take into account the interests of the open source community, its chief reason for the move was that the Microsoft technology was inadequate, AOL said. "AOL has serious, technical concerns that Sender ID appears not to be fully, backwardly-compatible with the original SPF specification -- a result of recent changes to the protocol and a wholesale change from what was first envisioned in the original Sender ID plan," the statement said.
But AOL still intends to publish Sender ID files so its users can use applications that require the technology.
In a prepared statement, Microsoft said: "AOL's decision to conduct only 'MAIL FROM' checks as outlined in the original SPF proposal reflects exactly the kind of flexibility and room for choice provided by the IETF's revised Sender ID proposal. What's encouraging about AOL's announcement is that they will join us in publishing both records and we continue to recommend that all mail senders do the same."
Earlier this week, the IETF rejected Microsoft's controversial proposal for Sender ID because of possible conflicts with pending Microsoft patents. Critics charged that Microsoft's licensing requirements would have prevented open-source software makers from sublicensing the technology, although others argued sublicensing would not have been a problem.
Sender ID, like SPF, is a technology that verifies the authenticity of an email sender's "@" address, such as "@yourbank.com", by validating the underlying, numeric Internet Protocol address. The system combines Microsoft's "Caller ID for Email Technology" and SPF, authored by Meng Wong, chief technology officer at Pobox.com.
AOL's announcement illustrates the brewing standards battle for email authentication technology for fighting spam. One of the most reviled byproducts of the Internet, spam has become a problem that plagues consumers, corporate networks and email providers such as AOL, MSN and Yahoo.
All three of the Internet giants are putting their weight behind their own systems. AOL has used SPF since 2003; Microsoft is pushing for Sender ID; and Yahoo is supporting Domain Keys, which uses digital signatures and can be employed alongside SPF or Sender ID. These technologies take different stabs at the same problem, and each company is trying to drum up support among industry players.
Despite public statements about cooperation, AOL, Microsoft and Yahoo made independent moves to turn their systems into standards. All three companies have submitted proposals to the IETF in the hope that their preferred technology will become the industry standard for antispam efforts.
Yahoo spokeswoman Mary Osako said in an email that the company "is continuing to evaluate a variety of industry solutions including those that are IP-based, such as SPF and Sender ID, and those that are cryptographic, such as DomainKeys. Yahoo is focusing efforts around DomainKeys, which provide an effective and scalable solution to solving the phishing and email forgery problem."
CNET News.com's Jim Hu, Stefanie Olsen and Rob Lemos contributed to this report.