Intelligent Message Filter, Content Filter, can do more...

WinDeveloper IMF Tune
WinDeveloper IMF Tune

Making Sender ID a De Facto Standard

Alexander Zammit

Alexander Zammit Photo

Alexander Zammit has been developing server applications for over 15 years. Most of his works involve Exchange integrated applications, including a FAX server, a mail security product and anti-spam products.

  • Published: Jul 13, 2005
  • Category: Anti-Spam
  • Votes: none - none
Cast your Vote
Poor Excellent

Microsoft is making a coordinated effort to push forward the SPF/Sender ID technologies. This is paving the way for wide spread adoption bypassing any arguments against its standardization.

Last year's Sender ID/SPF standardization saga ended with the shutdown of the MARID group. It stirred quite some controversy. The main bone of contention being the patents Microsoft holds in this area.

Sender ID is an email authentication technology primarily aimed at combating spoofing. Spoofing is a widely adopted technique in SPAM and phishing attacks. It helps disguising emails as originating from a trusted sender.

The resistance to its standardization did not demoralize those backing Sender ID. Microsoft's plan to move forward with its project was immediately clear and the latest news give ample confirmation. The recent Hotmail Sender ID support gave a new push to its adoption. This was further coupled by the confirmation that Sender ID will be part of the upcoming Exchange 2003 Service Pack 2. Finally, to round it off, just recently the IETF approved SPF and Sender ID as experimental standards.

To close the circle, Microsoft is also working on simplifying the administrative task of creating SPF records. For this purpose it is sponsoring an on-line tool. The tool is perfect for those administrators who are allergic to reading Internet Drafts/RFCs. I ran through the wizard steps and was quite impressed. The tool guides the administrator to identify outbound email servers. It then generates the text for the SPF record. In most cases, administrators then just need to create a new text record at their DNS server and set it with the generated text.

Microsoft is clearly making a well coordinated effort, complete with carrot and stick. Sender ID will influence Hotmail and Exchange SPAM filters. Administrators will have to ask themselves whether they can still afford not publishing those SPF records at their DNS server. Once a large number of SPF records are published, anti-SPAM software providers will become under more pressure to ensure support at their products.

Microsoft is not the only pushing email authentication technologies. Other alternatives also exist. This includes Yahoo's DomainKeys and IBM's FairUCE. The anti-SPAM war has clearly attracted the big guns, all backing their technology.

Wide spread adoption is what makes a de facto standard. The push is there. We just have to wait and see.

References

Q&A: MSN Hotmail Adds Safety E-Alerts for E-Mail Authentication

Exchange 2003 SP2, Sender ID, Improved Mobility...

Slashdot: IETF Approves SPF and Sender-ID

On-line SPF Record Generation Tool

Copyright © 2005 - 2016 All rights reserved. ExchangeInbox.com is not affiliated with Microsoft Corporation