Microsoft chairman and chief software architect Bill
Gates will use this week's RSA Conference in San Francisco to
unveil a proposed open technology standard aimed at making it
harder to fake the source of unsolicited commercial
e-mail.
Caller ID is a Microsoft-developed take on sender authentication
technology that tries to validate the source address associated
with an e-mail message, according to John Levine, co-chairman of
the independent Antispam Research Group, part of the Internet
Engineering Task Force (IETF).
A Microsoft spokesman could not confirm the information about
Caller ID, but said that Gates will be talking about spam in a
"variety of different contexts".
Sender authentication is rapidly gaining acceptance among e-mail
experts and ISPs as a weapon in the fight against spam. Yesterday,
Sendmail said it would develop and distribute sender authentication
technologies to its customers and the open-source community to
combat spam, viruses and identity fraud in e-mail.
Sendmail will incorporate a "selection of sender authentication
technologies" into its open-source Mail Transfer Agent (MTA),
including a technology called DomainKeys championed by Yahoo and
"proposals put forward by Microsoft and others", Sendmail said.
A Microsoft spokesman confirmed reports that the company will
release a sender authentication plug-in along with Sendmail.
Caller ID is similar to a nascent technology called Sender
Policy Framework (SPF), developed by independent antispam
researcher Meng Wong of e-mail forwarding service Pobox.com.
Instead of analysing the content of messages to spot spam, the
SPF protocol allows internet domain administrators to describe
their e-mail servers in an SPF record that is attached to the DNS
(Domain Name System) record using a special SPF description
language. Other internet domains can then reject any messages that
claim to come from that domain but were not sent from an approved
server.
Caller ID also relies on administrators adding lists of
published e-mail servers to the DNS record for their internet
domains. Whereas SPF uses its own syntax for listing the domain
addresses, Microsoft's Caller ID uses XML to describe the valid
e-mail servers.
SPF also allows e-mail gateways to analyse the e-mail envelope,
a wrapper for the message that is transferred between mail servers
before the full message is sent.
Messages that do not come from a valid server at the domain are
dropped before any message content is sent. In contrast, Caller-ID
analyses the sender IP address information stored in the e-mail
message header, which requires the whole message to be downloaded
by the receiving e-mail server before it can be accepted or
rejected.
Paul Roberts writes for IDG News Service