We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

AOL accepts Microsoft’s antispam plan revisions

Open Source bodies may still not be satisfied

After running into opposition to its Sender ID antispam plan, Microsoft has revised and resubmitted it to the Internet Engineering Task Force (IETF) for consideration, according to a company spokesperson.

The new plan, which was resubmitted to the IETF on Monday, resolves disputes with ISPs and the open-source software community about the use of patent-pending technology in Sender ID and should lead to broader adoption of the standard, according to Meng Weng Wong of Pobox.com, a co-author of the revised Sender ID proposal.

Sender ID is a technology standard that closes loopholes in the current system for sending and receiving e-mail that allow senders, including spammers, to fake, or "spoof", a message's origin.

The standard combines two earlier authentication standards: Caller ID, developed by Microsoft, and Sender Policy Framework (SPF), developed by Meng. Organisations publish a list of their approved email servers in the DNS (domain name system) and can verify the origin of email messages by checking source information either in "mail-from" field, in the message envelope.

Alternatively, an e-mail address in the message header known as the purported responsible address (PRA) can be checked.

Microsoft submitted a draft of Sender ID to an IETF working group in June for consideration as a new email authentication standard. However, that process became bogged down over questions about patents that Microsoft said it had around algorithms used to check PRA addresses and licensing requirements Microsoft wanted to place on organizations that deployed Sender ID.

Among other concerns, open-source advocates objected to Microsoft's requirement that anybody using Sender ID authenticate the PRA address, not just the mail-from address used in SPF checks, Meng said.

The dispute produced some high-profile defections from the proposed specification, including the Apache Software Foundation and the Debian Project, which said in September that they could not support the Sender ID email authentication standard in their products.

AOL, an early SPF supporter, also said it would not fully implement Sender ID in September, because it was not compatible with early forms of SPF.

The new version of the standard addresses those concerns by allowing organisations to do either SPF checks on the mail-from address, or the fuller PRA checks, Meng said.

AOL will support the revised Sender ID specification because it did not require the 100,000 domains that have published SPF records to change their DNS listings, the company said Monday.

"This saves AOL and many others a great deal of time, resources and development work," the company said.

Microsoft expects the specification to be given "experimental" status by the IETF, but does not know if it will be taken up for formal approval by the group.

Regardless, the company expects to rally support for the specification among leading ISPs. Mail bound for Microsoft's Hotmail web-based email service will be checked for valid PRA addresses by the end of 2004. Messages that fail the PRA check will be submitted to additional filtering using Microsoft's SmartFilter technology, the company said.

Despite the changes, the new specification still might not satisfy open-source software advocates, who are still concerned about Microsoft's patent claims and its ultimate plans for Sender ID and the larger problem of proliferating IP (intellectual property) patents in the technology sector, Meng said.

Sundwall said that the proposed Sender ID license satisfied groups such as the World Wide Web Consortium and the American National Standards Institute (ANSI), and that was enough for Microsoft – even if groups such as the Free Software Foundation continue to oppose Sender ID.

Microsoft also took pains to clarify language in one of its Sender ID patent claims that some critics interpreted as encompassing SPF mail-from checks, in addition to PRA checks, Sundwall said.

An "experimental request for comment” version of the Sender ID specification should be published by IETF by the end of the year, Meng said, but he doesn't expect it to end up for consideration by a working group again.


IDG UK Sites

iPhone 6 review: best ever iPhone is very good... but no longer the best phone you can buy

IDG UK Sites

Why Apple and Samsung, Google and Microsoft's schoolyard spats make them all look stupid

IDG UK Sites

How to successfully bridge the gap between clients and creatives

IDG UK Sites

How to update your iPhone or iPad to iOS 8: including how to install iOS 8 if you don't have room ()......