Microsoft is back with its SenderID for E-Mail proposal, this time attempting to make it a de facto standard through its Hotmail and MSN services.
According to published reports, the company plans by November to require mail sent to its Hotmail and MSN customers to be authenticated with SenderID for E-Mail. Mail that doesn't come from a conforming server will be tagged as potential spam.
SenderID, as previously reported on ENP is a hybrid technology, combining Microsoft's own Sender ID and the Sender Policy Framework (SPF) in an attempt to leverage the DNS system to stomp out spoofed mail such as is commonly used in phishing attempts.
Issues with Microsoft's hybrid technology, however, range from objections among the open source developer community to a complaint from the maintainers of the SPF portion of the technology.
In a comment on Slashdot, developer Wayne Schlitt, who is co-author of the SPF draft specification along with its originator, Meng Weng Wong, complained that Microsoft's implementation is "a horrible idea."
"While both SPF and SenderID break on many forwarded emails, SenderID breaks on many mailing lists also," he said. "Moreover, one of the most promising solutions to the SPF forwarding problem (a specialized DNS server, as outlined in section 188.8.131.52 in the SPF spec) breaks when SenderID uses it."
Schlitt went on to note that patent encumbrances in the SenderID specification will render it incompatible with key open source mail servers. His objections mirror earlier complaints from the Linux distributing Debian project, which said late last year that it would disable any such technology before distributing it.