Microsoft-backed antispam spec gets filtered out

Proposal for verifying the source of e-mail is shelved by the engineers working to turn it from specification to standard.
Written by Stefanie Olsen, Contributor
A Microsoft-backed proposal for verifying the source of e-mail has been shelved by the Internet engineers working to turn it from specification to standard, in a final blow for antispam technology Sender ID.

Sender ID is a technology designed to foil spammers by authenticating an e-mail sender's "@" address, such as "@yourbank.com," by checking its underlying, numeric Internet Protocol address. The system combines a previous proposal called Sender Policy Framework, or SPF--authored by Meng Wong, chief technology officer at Pobox.com--and Microsoft's follow-on "Caller ID for E-Mail Technology."

On Wednesday, the technical standards body Internet Engineering Task Force, or IETF, announced that the working group charged with building consensus on the Sender ID proposal has "concluded."

"From the outset...the working group participants have had fundamental disagreements," according to the IETF announcement, referring to the working group formally known as the MTA Authorization Records in DNS, or MARID. Therefore, MARID's co-chairs "concluded that (it) should be terminated."

Instead, the IETF has granted Sender ID "experimental" status so that the industry can test it, along with competing e-mail authentication proposals, and build consensus that way.

Closing shop comes roughly a week after MARID voted down a proposal by Microsoft to make some of the company's intellectual property a mandatory part of the solution. The group decided that Microsoft's insistence on keeping secret a possible patent application on its proposed technology was unacceptable.

The use of Microsoft's technology in the combined specification meant the company could specify a license that potential users would have to agree to before using the code.

America Online recently said it would not support Sender ID, citing poor industry support and compatibility issues with the antispam technology, SPF, that it supports. Open-source groups also pulled their support of Sender ID, claiming its licensing restrictions were too strict.

"In its current form, Sender ID is dead," said Yakov Shafranovich, former co-chair of the Anti-Spam Research Group of the Internet Research Task Force. "What's left is SPF and whatever Microsoft decides to promote. At this point, we're back to where we were six months ago."

SPF's Wong already said he plans to publish a "unified SPF" proposal that "captures everything we've learned so far." The unified proposal will require senders and receivers to publish for and check three major groups of identities, he said. Those include the host name, mail-from, and Purported Responsible Address, a technique that checks the record against the most recent sender of the e-mail address.

"This is the best way forward. It offers the market a superset of all the other proposals," Wong said.

Microsoft could not be immediately reached for comment.
