Microsoft is planning to force its Sender ID anti-spam plans onto the world stage by checking that e-mails sent to its Hotmail, MSN and Microsoft.com mail accounts come from valid e-mail servers.
The company is strongly urging e-mail providers and ISPs to publish Sender Policy Framework (SPF) records that identify their e-mail servers in the DNS by mid-September. It will begin matching the source of inbound e-mail to the IP addresses of e-mail servers listed in that sending domain's SPF record on 1 October.
Messages that fail the check will not be rejected, however, but "further scrutinized and filtered", according to Craig Spiezle, director of Microsoft's safety technology and strategy group.
Sender ID is a proposed technology standard, backed by Microsoft, for verifying an e-mail's source. It combines two previous standards: Microsoft's Caller ID and the Meng Weng Wong-developed SPF. The proposed standard was submitted to the IETF in June for consideration, and, if adopted, could provide a way to close loopholes that allows spammers to fake the message's origin.
Tens of thousands of SPF records have already been published in DNS by companies and ISPs such as Microsoft and AOL. However, few companies have taken the added step of using information from the published SPF records to confirm the "purported responsible address", or PRA that the e-mail message claims as its source.
A failed PRA check will be a "factor" that Microsoft's SmartFilter technology will use to determine whether a given message is spam, according to George Webb, manager of Microsoft's anti-spam group. The extra filtering will be akin to extra security screening at an airport, slowing unauthenticated messages down, compared with messages with confirmed PRAs. "We're at a point where we think it's clear people should be publishing SPF records," Webb said.
How kindly ISPs look at Microsoft attempting to impose its selected anti-spam technology on the industry has yet to be seen. As one of the largest e-mail providers, Microsoft's decision to use Sender ID will have an immediate impact. But whether it becomes a success will depend on whether other big players decide the benefits are worth more than the irritation at following Microsoft's will.
Microsoft is attempting to smooth the process through the Global Infrastructure Alliance for Internet Safety, an international ISP working group of most the world's biggest ISPs. The company is also working with leading e-mail vendors, including Sendmail and IBM, Webb said.