Microsoft Revises Sender ID Framework

After backlash over its Sender ID anti-spam proposal, Microsoft has gone back to the drawing board in hopes to appease industry concerns. In a revised Sender ID Framework submitted to the Internet Engineering Task Force (IETF) standards body, Microsoft ensured compatibility with SPF, or Sender Policy Framework, a competing technology.

The IETF originally rejected Sender ID due to patent concerns and last month AOL followed suit, opting to support SPF instead. But AOL subsequently sat down with Microsoft to help "work through some issues that were a concern for them," according to Redmond officials.

"After sitting down with other industry leaders, critics and companies in the open-source community to get their feedback, we revised the specification to ensure its compatibility with anyone who has published previous Sender Policy Framework, or SPF, records, and to provide these organizations with a range of choices," said Ryan Hamlin, general manager of Microsoft's Safety Technology and Strategy Group.

Sender ID, while developed in-house by Microsoft, is a royalty-free e-mail-authentication technology that requires verification of domains from which mail is sent. By doing so, Sender ID makes illegitimate e-mails such as spam and phishing scams easier to detect and eliminate. But many ISPs have already agreed to back SPF, forcing Microsoft to open up if Sender ID is to be accepted.

"This revised specification now accepts the 60,000 or so domains out there that have already published their records, and allows companies to choose between the simple From address verification or what is called a PRA (Purported Responsible Address) verification, which some companies prefer, including Microsoft," said Hamlin.

Microsoft says it will implement SPF and PRA checks into MSN mail and Hotmail later this year.

Meanwhile, Yahoo! has been developing its own anti-spam technology dubbed DomainKeys, which Google has said it will implement into its Gmail online e-mail service. The lack of industry consensus on how to best fight spam has prompted a consortium of organizations to propose an identity alternative to e-mail called i-names.

But Microsoft sees choice as a good thing for consumers. "We support the development of additional authentication technologies that can be used in conjunction with the Sender ID framework," remarked Microsoft's Hamlin. "We've been working with two promising proposals in particular, Yahoo!'s domain keys and Cisco's Identified Internet Mail."