Microsoft pushes Sender ID anti-spam

Microsoft pushes Sender ID anti-spam


2.2m internet domains currently publish Sender ID records, company boasts

Microsoft plans to officially unveil its MSN Postmaster Services spam portal at the E-mail Authentication Summit in Chicago today.

The portal, which aims to educate internet providers about fighting spam, has been in beta since last year and is one of several efforts by Microsoft to fight the volume of spam that reaches users' inboxes.

Microsoft has previously promised to filter out 98 to 99 per cent of all spam by June 2006.

The anti-spam initiative is centred around Microsoft's Sender ID technology. In an effort to weed out forged sender addresses, the technology checks whether an email's sender matches the corresponding internet protocol (IP) address.

Spammers often use a forged 'From' address to hide their identity and sneak past spam filters. Sender ID works on the basis that it is much harder to spoof an IP address than it is to spoof an email address.

The technology requires domain owners to publish so-called Sender Policy Framework (SPF) records, a list of IP addresses used to send email.

Spam filter developers such as Symantec and Sendmail as well as Microsoft's Hotmail service support the technology.

About 2.2 million internet domains currently publish SPF records, and Microsoft claimed that more than 100 of the world's largest companies adhere to the standard.

Of the two billion email messages sent every day, 3.3 million are SPF compliant. Spam comprises roughly 70 to 80 per cent of global email traffic.

Microsoft also claimed that Sender ID can help email senders to cut back on the number of messages incorrectly flagged as spam, better known as false positives.

Sender ID is only one of several spam fighting technologies. Cisco Systems and Yahoo are major backers of the Domain Keys Identified Mail (DKIM) specification which has been submitted to the Internet Engineering Task Force for approval.

This technology uses an encrypted certificate that allows the email recipient to verify the sender's identity. A mismatch between the certificate and sender is likely to be the result of a spam or phishing email.

DKIM is backed by AOL which unveiled another initiative earlier this year offering legitimate bulk email senders guaranteed passage past its spam filters for a fee.

The programme has been sharply criticised because it allegedly creates a two-tier system where those who can afford to pay will get a preferential service.

It also creates an incentive for AOL to downgrade its existing spam filters to try and drive more companies into paying for email.