AOL withdrew its support for Microsoft's Sender ID e-mail identity standard late Wednesday, likely cementing the creation of two dominant e-mail authentication protocols.
AOL said it instead would check incoming e-mail using Sender Policy Framework, an open-source authentication standard that it first endorsed in December 2003. The Internet service cited “tepid support” among the open-source community for Sender ID.
“Additionally, AOL has serious technical concerns that Sender ID appears not to be fully, backwardly compatible with the original SPF specification,” the company said in a statement.
Microsoft spokesman Sean Sundwall said Microsoft plans to check incoming mail to MSN and Hotmail for Sender ID records starting in October. AOL will begin checking incoming e-mail for SPF sometime this fall, spokesman Nicholas Graham said.
E-mail receivers are likely to line up in either the Microsoft camp or AOL's. However, commercial e-mailers will need to accommodate both Sender ID and SPF, according to e-mail experts. Microsoft's MSN and Hotmail services and AOL's 28 million subscriber base are key constituencies for e-mail marketers.
Microsoft and AOL gave clues to the need for dual compliance by saying that they would publish their server records in both the SPF and Sender ID formats. Margaret Olson, technology committee co-chair for the E-mail Service Provider Coalition, said in a statement that commercial e-mailers should do the same.
“Senders were publishing both SPF and Sender ID records before the AOL announcement, and nothing has changed,” she said.
The Sender ID standard met stiff opposition in the Internet Engineering Task Force's working group devoted to developing a standard. Detractors laced into Microsoft for its Sender ID licensing requirements and assertions of intellectual property rights on the technology through undisclosed patent applications.
Graham said AOL's decision against deploying Sender ID was not made in consideration of either of these issues.
The split among two of the top receiving domains appears to doom the emergence of a single e-mail identity standard as envisioned when Microsoft combined its then-Caller ID protocol with Meng Wong's SPF in May.
“[Microsoft] will do what it's going to do, and the open-source people will do what they will do, and senders will have to satisfy both,” Wong said.
The IETF acknowledged as much last weekend, when the co-chair of its working group, Andrew Newton, announced a compromise on Sender ID that would let receivers verify e-mail using either Microsoft's method or through an open-source mode.
Sender ID supporters note that the standard will remain a major factor in authentication. Despite losing AOL's support, Sender ID is supported by IronPort, Verisign and the E-mail Service Provider Coalition.
“We believe that Sender ID is very valuable to e-mail recipients and that market demand will ultimately drive its adoption,” coalition executive director Trevor Hughes said in a statement.
Craig Taylor, CTO for San Bruno, CA-based e-mail infrastructure provider IronPort, said the differences between AOL and Microsoft should matter little to senders, because the debate is over the mechanism for checking server records in the domain name system.
“If the IETF does its job, and I think it will, [senders are] just going to publish an SPF record,” he said.
E-mail authentication technologies, like Sender ID, SPF and Yahoo's DomainKeys, are meant to fix a flaw in the e-mail architecture that gives senders anonymity. The establishment of a secure e-mail identity is also seen as a key first step to stopping spam, as it allows accreditation and reputation systems to hold senders accountable.
