At a Chicago conference on e-mail authentication on Wednesday, Microsoft plans to talk about the success it's having with on its own hosted e-mail services, such as . The software giant said it will outline how the verification system is benefiting its e-mail subscribers and those who send messages to them.
The proof of concept is key to Microsoft, as it continues its, which puts the source of messages under more scrutiny than normal. The effort includes using perhaps its greatest weapon: cash. The Redmond, Wash., company is providing funds to e-mail security vendors to promote checking for authentication in inbound messages.
"The overall goal is to restore trust and confidence in e-mail," Craig Spiezle, a director in the technology care and safety group at Microsoft, said in an interview. "We can now clearly articulate the real business value of authenticated e-mail....This is some of the hard data that has been lacking."
Sender ID is a specification forby ensuring the validity of the server from which it came. The technology is to help stem the and by making it harder for senders to forge their addresses and by improving e-mail filters.
On e-mail that uses Sender ID, along with enhanced spam filtering, Microsoft was able to reduce the number of false positives, or e-mail wrongly identified as spam, on Hotmail by up to 80 percent, Spiezle said. In addition, for high volume "good" senders who use Sender ID, Microsoft's analysis showed their false positive rate on average dropped to nearly zero. At the same time, the number of junk messages incorrectly let through declined by more than 85 percent, Spiezle said.
"We're very excited about this," Spiezle said. "It gets back to why should I care, and what's new. We look at this as providing superior business and technical value for the entire e-mail ecosystem--a solution that has effectively no cost, no performance impact to the senders and receivers, and that is providing real results."
As part of its push, Microsoft in late February kicked off a program that offers funding to e-mail security companies to adopt e-mail authentication protocols like Sender ID, Spiezle said. The funds are available to those that provide tools to filter incoming e-mail. CipherTrust and IronPort said they're among the companies that have applied for the money, but neither would disclose actual amounts.
"It is the chicken and the egg: The more people that authenticate inbound, the higher the value is to authenticate outbound, and conversely," Spiezle said.
Results so far
If adopted widely, such e-mail authentication technology could help people make sure that a message that claims to be from their bank actually was sent by the bank. Authentication alone does not stop junk and spoofed messages, but it can make spam filters more effective, by allowing filters to rate domains based on the e-mail that is sent.
However, America Online and eBay, two of the other early adopters of e-mail authentication, haven't yet seen many real results from it, company representatives said. AOL takes in a lot of e-mail for its more than 20 million Internet access subscribers, while eBay is the source of more than 1 billion messages a month.
"I think we're starting to see where it is effective and how it can be effective, but it is still in the early stages," Hani Durzy, an eBay representative, said.
E-mail authentication has been, which has held back adoption. Microsoft's involvement sparked , and the company has been accused of into adopting Sender ID, even though there's still debate over alternatives and a lack of standards.
"The tide has turned; the dust has settled," Spiezle said, adding that the e-mail authentication scene is much clearer today then a year ago. "The controversy and lack of having hard data has been in a sense some noise for businesses, so they did not even hear the message. Now they want to move forward."