Sender ID Gets Notice

by Tim Gray

Vendors meet in New York to address the ever popular issue of e-mail security.

NEW YORK -- The solution for stamping out e-mail-based scams may never be complete, but as evidenced at the E-mail Authentication Implementation Summit 2005 on Tuesday, insiders appear more resolved than ever to work together toward that goal.

The event, organized to bring together a diverse collection of e-mail analysts and providers, featured discussions and potential solutions, such as Sender ID, SPF and DKIM, to the halting Internet scourges.

Microsoft, the author of Sender ID, presented results of a six-month study that raised issues about Web users reluctance to trust e-mail.

According to the study, 80 percent of online users say spoofing and phishing attacks have impacted their trust in e-mail from companies or individuals they don't know.

"What you are seeing is the immediacy is being driven by the escalations and severity of the online threats that are impacting businesses and brands," Craig Spiezle, a director in Microsoft's e-mail safety group, said.

Spiezle said the industry is moving ahead with specifications and that Microsoft submitted its specs for Sender ID to the Internet Engineering Task Force (IETF), which approved them "under experimental status."

"Which basically says go forward and report back on your finding," he said.

Microsoft's attempts to make Sender ID an Internet standard failed last year when the IETF shut down a working group trying to come up with an e-mail authentication solution.

Although the Redmond, Wash., company made revisions, open source software proponents balked over Sender ID licensing terms and would not accept the technology as an industry standard. IETF officials at the time suggested real-world deployments of the technology, as well as other specifications and subsequent reports of those deployments.

Microsoft has a three-pronged approach to solving the problem, which it breaks into prescriptive guidance (educating); collaboration and partnerships; and technology.

"No one company can do this alone; no one industry can do this alone; and the government can't do this alone," he said. "It really requires collaboration."

The conference came just days after Yahoo and Cisco teamed to propose their e-mail authentication specification as a standard to the IETF.

The Domain Keys Identified Mail (DKIM) specification is the combination of two related, competing technologies: Yahoo's Domain Keys and Cisco's Identified Internet Mail (IIM).

The IETF is expected to discuss the proposed standard later this month at a meeting in Paris.

While Microsoft has contributed to DKIM, the company's primary goal is to push the Sender ID standard.

Microsoft recently revamped its Web-based Hotmail so that all messages not using Sender ID are identified.

"As adoption of Sender ID and SPF records grows, and the lack of a domain with an SPF record becomes the exception to the norm, we may choose to investigate unauthenticated e-mail more closely before deciding whether to deliver it to the user's inbox," Spiezle said.

Article courtesy of internetnews.com

This article was originally published on Thursday Jul 14th 2005