Microsoft wants to meld antispam proposals

The software giant says the spam-blocking proposal backed by America Online should be combined with Microsoft's to more rapidly create a single, industrywide standard.

Stefanie Olsen Staff writer, CNET News
Stefanie Olsen covers technology and science.
Stefanie Olsen
2 min read
Microsoft is lobbying to combine its technical proposal for authenticating e-mail with a competing process, backed by America Online.

George Webb, group manager of Microsoft's antispam technology and strategy team, said Friday that it has been working with the people behind SPF, or Sender Policy Framework, a proposed standard for verifying the domain of an e-mail sender and prevent mail forgery. Microsoft wants to combine that system with its own Caller ID for E-mail, which has the same goal with a slightly different approach.

"We think it's important to have a single industry solution that can be adopted quickly," Webb said.

The cooperative effort comes as Microsoft is seeking industry support for Caller ID. On Thursday, it submitted the proposal to industry standards body Internet Engineering Task Force for consideration as a standard. SPF has been under review by the IETF for several months.

The two methods are designed to ensure that the sender's return e-mail address is real. They allow Internet service providers to check the authenticity of incoming e-mail by verifying it with records from the domain name system database.

Each method evaluates a different part of the e-mail to verify authenticity. SPF examines the envelope information, and Caller ID looks at the content of the e-mail to establish identity. A melding of the two specifications could produce a stronger authentification standard.

The proposals would help solve the domain-spoofing problem, which accounts for 50 percent of spam, according to Webb. "Spoofing" is a tactic used by spammers to make return addresses appear legitimate to the recipient's spam filters.

"This is a stepping stone to more technical solutions over time," Webb said.

Yahoo submitted its own e-mail authentication proposal on Tuesday to the IETF. The technology, DomainKeys, has the same objective as Caller ID but through a different system. DomainKeys matches digital signatures between the e-mail and the server to gain admittance to a person's in-box.