Sender ID Submitted for Certification
Now called Sender ID, the protocol is a combination of Wong's SPF (Sender Policy Framework) and Microsoft's Caller ID proposals. The IETF, the Internet standards body, is charged with certifying an industry-wide standard for establishing e-mail identity.
Sender ID, which allows senders to verify their identity by publishing SPF records, has gained wide industry momentum. Microsoft, AOL, and EarthLink all back it, and more than 20,000 domains have published SPF records. The main holdout remains Yahoo, which is pushing its own e-mail authentication technology, DomainKeys, which is thought by experts to be more robust but more complex.
The submission of the Sender ID protocol came just days after Microsoft, AOL, EarthLink and Yahoo issued a joint call for collaboration on e-mail identity standards. All four Internet service providers agreed to test different technologies this year.
In an "executive e-mail" sent yesterday, Microsoft chairman Bill Gates hailed the agreement as evidence of real progress being made in the fight against spam.
"Wide agreement on the need to check messages for signs of forgery is a key step toward eliminating a favorite spammers' trick -- one used to defeat spam filters and entice unwary recipients into opening attachments that may contain harmful worms and viruses," he wrote.
According to a study of phishing attacks, in which falsified e-mail attempt to obtain personal information like credit card numbers, 95 percent had spoofed "from" addresses in May, according to the Anti-Phishing Working Group. The most common targets are banks and eBay.
Gates said e-mail authentication also would allow e-mail providers to add accreditation services, such as IronPort's Bonded Sender program that Microsoft has endorsed.
"These multiple efforts will dramatically reduce the costs of dealing with spam," Gates wrote.