Microsoft revised its Sender ID e-mail authentication technology to address concerns raised by AOL.
Microsoft said yesterday it submitted the new Sender ID specification to the Internet Engineering Task Force, the Internet's standards body. Among the changes in the new version, Microsoft tweaked the standard to let senders publish their server records only once to comply with both Sender ID and SPF (Sender Policy Framework), the open source e-mail authentication standard.
AOL said yesterday it supports the reformulated Sender ID standard. AOL dropped its support for Sender ID in September, citing concern that the technology was incompatible with SPF, which AOL first endorsed in December 2003. SPF subsequently was combined with Microsoft technology to make Sender ID.
Sender ID is now “backward compatible,” meaning the more than 100,000 domains that already have published their e-mail servers' SPF records will not need to change their server listings for receivers using Sender ID. Senders now can comply with both authentication methods by publishing their server records in either of two formats, not both.
“It's a good thing, because now senders can publish one thing and have it used for two purposes,” said Meng Wong, chief technical officer for Pobox.com and the creator of SPF.
AOL plans to begin checking incoming e-mail for Sender ID records by the end of the year. Company representatives have said it will check incoming mail for SPF records this fall. Microsoft has begun checking incoming e-mail to Hotmail and MSN for Sender ID records.
Microsoft spokesman Sean Sundwall said Sender ID is one of many factors that determine whether an e-mail reaches a user's inbox. The company is testing an implementation for Hotmail users that would highlight Sender ID-compliant e-mail, such as giving those messages a gold star-type seal of approval.
“We're working on what the user interface would look like,” Sundwall said. “Once you get broad adoption, having a star by it would mean something to it.”
The Internet Engineering Task Force was unable to reach a consensus last month on approving Sender ID as an industry standard after objections from open-source software advocates to Microsoft's licensing requirements and patent claims related to Sender ID. The new Sender ID specification lets receivers check incoming e-mail using either the patent-encumbered method or another method. It does not require receivers to license the Sender ID technology from Microsoft.
E-mail authentication technologies, like Sender ID, SPF and Yahoo's DomainKeys, are meant to fix a flaw in the e-mail architecture that gives senders anonymity. This has led to a sharp rise in so-called phishing attacks that use fake e-mail addresses to defraud consumers.
