Advertisement
Promo

Security threats Toolkit

Microsoft revamps Sender ID

Stefanie Olsen CNET News

Published: 26 Oct 2004 08:20 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Microsoft has revised its anti-spam specification Sender ID following the spec's near-death in the technical community.

The software giant said Monday that it has rewritten Sender ID -- a specification for verifying the authenticity of email with Internet Protocol records -- to address criticisms of the spec's earlier incarnation. Among other changes, Microsoft removed language in its pending patents for Sender ID that could have included claims to Sender Permitted From, or SPF, a widely used system for email authentication that was merged with Microsoft's CallerID for Email to create Sender ID, according to Microsoft's Ryan Hamlin.

"We wanted to complete what we started," said Hamlin, general manager for Microsoft's safety technology and strategy group. Microsoft has resubmitted the specification to the Internet Engineering Task Force, a technical standards body.

Last month, the IETF shut down the working group that was charged with building consensus for Sender ID and turning it into an industry standard. Consensus became impossible after some people in the open-source community said Microsoft's patent claims could enable the software company to eventually charge royalties. Others were critical of the system's inability to work with previously published records in SPF.

As a result, America Online and open-source groups pulled their support of Sender ID. And Meng Wong, the architect of SPF, said he would retrench on his technical specification alone.

Microsoft's Hamlin said on Monday that the company has revised Sender ID by making it backward-compatible with 100,000-plus SPF records already published. He also said Sender ID will give email providers a choice to publish records in SPF, which verifies the "mail-from" address to prevent fraud, or in PRA -- purported responsible address.

PRA records let an email provider check the "display address" of an email in its headers against the numerical IP address of the sender. That process can prevent so-called phishing attacks by spammers who forge the display address.

Email providers and senders now have the ability to publish in and check the authenticity of email with both methods in Sender ID.

"We've been trying to make it as user-friendly as possible. We've got the spec to the point where you only have to publish one record for two purposes. I see that as a little victory," said Wong.

Still, some people in the open-source community are concerned about Microsoft's other pending patent over Sender ID, which prevents users of the specification from sublicensing it.

AOL said on Monday that it has renewed support for Sender ID in its current form.

The IETF has granted Sender ID "experimental" status so that the industry can test it, along with competing email authentification proposals, and build consensus that way.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
97 out of 296 people found this useful


Company/Topic Alerts

Create a new alert from the list below:






Video icon

Video

Sentry Posts Blog

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments

Symantec website breached

Security company Symantec has said that one of its websites was successfully breached. Romanian security researcher 'Unu' posted details of the breach in a blog post on Monday. Unu... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

Newsletters