| |
intelliot
Site Admin
Joined: 01 May 2004
18653.45 GC$
Items
|
 Posted: Fri Jul 23, 2004 11:09 pm Post subject: Microsoft to enforce Sender ID checks |
 |
|
|
| Quote: | Microsoft Corp. will soon put some bite into its Sender ID antispam plans by checking e-mail messages sent to its Hotmail, MSN and Microsoft.com mail accounts to see if they come from valid e-mail servers, as identified by the Sender ID, according to a company executive.
The company is strongly urging e-mail providers and Internet service providers (ISPs) to publish Sender Policy Framework (SPF) records that identify their e-mail servers in the domain name system (DNS) by mid-September. Microsoft will begin matching the source of inbound e-mail to the Internet Protocol (IP) addresses of e-mail servers listed in that sending domain's SPF record by Oct. 1. Messages that fail the check will not be rejected, but will be further scrutinized and filtered, said Craig Spiezle, director of Microsoft's Safety Technology and Strategy Group.
Spiezle announced the company's plans while speaking to a group of antispam luminaries on Thursday at The Open Group Conference in Boston.
Sender ID is a proposed technology standard, backed by Microsoft, for verifying an e-mail message's source. It combines two previous standards: the Microsoft-developed "Caller ID," and the Meng Weng Wong-developed SPF. The proposed standard was submitted to the Internet Engineering Task Force (IETF) in June for consideration. If adopted, Sender ID could provide a way to close loopholes in the current system for sending and receiving e-mail that allow senders -- including spammers -- to fake, or "spoof," their message's origin.
Microsoft Chairman and Chief Software Architect Bill Gates unveiled Caller ID in March. The proposed standard asks e-mail senders to publish the IP address of their outgoing e-mail servers. E-mail servers and clients that receive messages from Caller ID domains could check the DNS record and match the "from" address in the message header to the published address of the approved sending servers. E-mail messages that didn't match the source address could be discarded or quarantined.
DNS is the system that translates numeric IP addresses into readable Internet domain names.
SPF also requires e-mail senders to modify DNS to declare which servers can send mail from a particular Internet domain. However, SPF only checks for spoofing at the message transport or "envelope" level, verifying the "bounce back" address for an e-mail, which is sent before the body of a message is received and tells the receiving e-mail server where to send rejection notices.
Under the merger proposal, organizations sending e-mail will publish SPF records identifying outgoing e-mail servers in DNS. Companies will be able to check for spoofing at the envelope level, as proposed by SPF, and in the message body, as proposed by Microsoft.
Tens of thousands of SPF records have already been published in DNS by companies and Internet service providers such as Microsoft and America Online Inc. However, few companies have taken the added step of using information from the published SPF records to confirm the "purported responsible address," or PRA that the e-mail message claims as its source.
A failed PRA check will be a "factor" that Microsoft's SmartFilter technology will use to determine whether a given message is spam, according to George Webb, business manager for the Antispam Technology & Strategy group at Microsoft. The extra filtering will be akin to extra security screening at an airport, slowing unauthenticated messages down, compared with messages with confirmed PRAs.
"We're at a point where we think it's clear people should be publishing SPF records," Webb said.
As one of the largest e-mail providers, Microsoft's decision to enforce SPF record checking will ripple throughout the Internet. However, administrators at e-mail provider and ISPs ultimately decide whether to validate incoming messages' PRAs, and what to do with messages that fail the check, according to Webb. Mail Transfer Agent (MTA) vendors, which make e-mail servers, must also design their products to act on the Sender ID authentication information, he said. |
|
|
| Back to top |
|
|
cvrk3
Google Guru
Joined: 05 Jul 2004
Location: India
16443.40 GC$
Items
|
| Posted: Fri Jul 23, 2004 11:54 pm Post subject: |
|
|
|
| hats off to the thinkig process. |
|
| Back to top |
|
|
jjpowers
Junior Googler
Joined: 25 May 2004
Location: Boston
980.48 GC$
Items
|
| Posted: Sun Jul 25, 2004 7:54 am Post subject: Sender ID Checks |
|
|
|
| I second the Hats Off! |
|
| Back to top |
|
|
Sponsored Links
|
| Posted: 5 Dec 2008 4:25 am Post subject: Advertisements |
|
|
|
|
|
|
| Back to top |
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Host your free forums with Invision Plus.net forum web hosting with your own subdomain.
alexisBlue v1.2 // Theme Created By: Andrew Charron // Icons in Part By: Travis Carden |
|
|
|
|
