May 28, 2004
Last Tuesday, Microsoft announced that they have agreed to converge their Caller ID for E-mail proposal with a proposal put forward by Meng Wong called the Sender Policy Framework (SPF). The two proposals will be merged into one specification designed to help eliminate domain spoofing and provide greater protection against phishing schemes. By providing a unified specification, Microsoft and Wong hope to simplify industry adoption of effective e-mail authentication technology, thereby helping to more swiftly provide greater spam protection to e-mail users worldwide.
"Spoofing," or sending e-mail that purports to be from someone other than its real sender, is an increasingly common and relatively simple way for spammers to try to trick filters. It can also pose a security risk when used to deliver e-mail viruses or phishing scams, which attempt to trick users into divulging personal information such as credit card numbers or account passwords by pretending to be from a legitimate source, such as a user's bank. Caller ID and SPF aim to prevent spoofing by confirming what domain a message came from, thereby increasing the effectiveness of spam filters.
Under the merged proposal, organizations will publish information about their outgoing e-mail servers, such as IP addresses, in the Domain Name System (DNS) using the industry-standard XML format. Backward compatibility will be provided for the many domains that have already published information in the SPF TXT format.
A formal specification will be published next month and submitted to the Internet Engineering Task Force (IETF) standards body for evaluation and review, as part of its work to define effective industry Internet e-mail standards to address the problem of spam.
"Convergence of these two technical specifications is a critical step in our efforts to eliminate the spam problem and a big win for e-mail users worldwide," said Ryan Hamlin, general manager of the Anti-Spam Technology and Strategy group at Microsoft. "By working together with Meng Wong and the SPF community, we plan to create one technical specification that we believe the entire industry can rally around that will virtually eliminate domain spoofing and help restore user trust and value to e-mail."
To be more effective in the fight against junk e-mail, filters need additional information that is not available in e-mail messages today. Simple but important changes to the e-mail infrastructure, such as those outlined in the merged SPF-Caller ID proposal, can provide greater certainty about the origin of an e-mail message and enable legitimate senders to more clearly distinguish themselves from spammers.