Microsoft Unveils Details on 'Magic Solution' to Spam
Adding to industry proposals for combating e-mail spoofing, Microsoft announced it would implement its Caller ID for E-mail system on Hotmail and test it with several other e-mail systems.
Caller ID for E-mail aims to eliminate domain spoofing by requiring senders to publish the Internet protocol addresses of their outbound servers in the Domain Name System. Receiving e-mail systems check the message against the DNS to see whether it matches the registered server. Microsoft said it already began publishing IP addresses for outbound Hotmail messages and would start checking incoming mail early this summer.
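The receiving-side check described above, sketched in Python as an added example; it is not Microsoft's code or record format. The `PUBLISHED_OUTBOUND` table is a constructed stand-in for the DNS lookup, and the function names and the choice of the From header as the claimed sender domain are assumptions.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for DNS: domain -> outbound server ranges its owner published.
PUBLISHED_OUTBOUND = {
    "example.com": ["192.0.2.0/28", "2001:db8:10::/64"],
    "example.net": ["198.51.100.25/32"],
}

# Constructed sample message claiming to come from example.com.
SAMPLE = "From: Billing <billing@example.com>\r\nSubject: Invoice\r\n\r\nHello\r\n"


def sender_domain(raw_message):
    """Return the lower-cased domain of the From header, or None if unusable."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    if addr.count("@") != 1:
        return None
    domain = addr.rsplit("@", 1)[1].strip().rstrip(".").lower()
    return domain or None


def check_sender(raw_message, connecting_ip, published=PUBLISHED_OUTBOUND):
    """Classify a delivery as 'pass', 'fail' or 'unknown'.

    pass    - the connecting server is in the claimed domain's published list
    fail    - the domain published a list and this server is not in it
    unknown - no usable From domain, or the domain has published nothing
    """
    domain = sender_domain(raw_message)
    if domain is None:
        return "unknown"
    networks = published.get(domain)
    if not networks:
        return "unknown"  # unpublished domains cannot be judged either way
    ip = ipaddress.ip_address(connecting_ip)
    for net in networks:
        network = ipaddress.ip_network(net)
        if ip.version == network.version and ip in network:
            return "pass"
    return "fail"


if __name__ == "__main__":
    for ip in ("192.0.2.5", "203.0.113.77"):
        print(ip, check_sender(SAMPLE, ip))
```

The "unknown" result matters during rollout: until a domain publishes its servers, a receiver can only fall back on its existing filtering for that domain's mail.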
Caller ID gained some support with agreement from Amazon.com, Brightmail and Sendmail to test the system. To buttress Caller ID, Microsoft proposed a Coordinated Spam Reduction Initiative that would follow up on authentication with a reputation system for bulk e-mailers.
"We believe that Caller ID for E-mail and the Coordinated Spam Reduction Initiative will help change the economic model for sending spam and put spammers out of business," Gates said in a speech yesterday at RSA Conference 2004.
Microsoft's Caller ID is one of a number of industry proposals to combat spoofed e-mail. Under the current system, Simple Mail Transfer Protocol, a spammer easily can forge the return address on e-mail, making tracing the source of spam extremely difficult. Microsoft, Yahoo, AOL and EarthLink last April established an industry group to cooperate on various spam-fighting fronts, including the development of a standard for e-mail identity protocols.
Yahoo has championed its own system, known as DomainKeys, which uses public-private keys to determine sender identity. Sendmail, which handles 60 percent of all e-mail, said it would test DomainKeys and Caller ID for E-mail.
"It's very rare, especially on the Internet, to see one solution dominate everything," said Rand Wacker, director of product strategy and planning at Sendmail. "There will probably be two, three, four that are widespread."
AOL champions an open standard known as Sender Permitted From, a free protocol that uses the publicly available domain registration records and a list of servers the domain owners use to send mail.
AOL spokesman Nicholas Graham praised Microsoft's initiatives, stressing that the major ISPs remained committed to working together to find the best solution to fighting spam across the industry.
"We view this as a rolling thunder campaign for the industry to make progress on our joint anti-spam efforts," he said.
Graham said AOL planned to test Caller ID for outbound mail and was open to testing other authentication systems, such as DomainKeys. A Yahoo spokeswoman said the company would evaluate Caller ID along with all authentication proposals.
Hans-Peter Brondmo, a fellow at e-mail service provider Digital Impact, said e-mail marketers would move to publish the necessary data for the authentication systems before they deploy in the coming months.
"The big uncertainty is how well these things work in deployment," he said. "We need to deploy and test these different schemes to see what works best."
Microsoft also proposed a system that builds on authentication to provide a way for legitimate marketers to ensure their messages get through. Microsoft endorsed independent third parties certifying compliance with agreed-upon industry standards similar to those set down by TRUSTe for privacy practices.
Microsoft said mail from certified companies should carry digital certificates to allow it to bypass spam filters. For smaller e-mailers unable to afford certification, Microsoft proposed requiring them to spend a few seconds of computer processing power before their mail is delivered. Gates has said such a system would crush spammers, who would need to invest too much money in computing power to make sending unsolicited e-mail worthwhile.