Advertisement
Promo

Security threats Toolkit

Microsoft proposes joint anti-spam fight

Stefanie Olsen CNET News

Published: 24 May 2004 11:40 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Microsoft is lobbying to combine its technical proposal for authenticating email with a competing process, backed by America Online.

George Webb, group manager of Microsoft's anti-spam technology and strategy team, said last Friday that it has been working with the people behind SPF, or Sender Policy Framework, a proposed standard for verifying the domain of an email sender and prevent mail forgery. Microsoft wants to combine that system with its own Caller ID for Email, which has the same goal with a slightly different approach.

"We think it's important to have a single industry solution that can be adopted quickly," Webb said.

The cooperative effort comes as Microsoft is seeking industry support for Caller ID. On Thursday, it submitted the proposal to industry standards body Internet Engineering Task Force for consideration as a standard. SPF has been under review by the IETF for several months.

The two methods are designed to ensure that the sender's return email address is real. They allow Internet service providers to check the authenticity of incoming email by verifying it with records from the domain name system database.

Each method evaluates a different part of the email to verify authenticity. SPF examines the envelope information, and Caller ID looks at the content of the email to establish identity. A melding of the two specifications could produce a stronger authentication standard.

The proposals would help solve the domain-spoofing problem, which accounts for 50 percent of spam, according to Webb. "Spoofing" is a tactic used by spammers to make return addresses appear legitimate to the recipient's spam filters.

"This is a stepping stone to more technical solutions over time," Webb said.

Yahoo submitted its own email authentication proposal on Tuesday to the IETF. The technology, DomainKeys, has the same objective as Caller ID but through a different system. DomainKeys matches digital signatures between the email and the server to gain admittance to a person's inbox.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
86 out of 158 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:










Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments

Symantec website breached

Security company Symantec has said that one of its websites was successfully breached. Romanian security researcher 'Unu' posted details of the breach in a blog post on Monday. Unu... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters