Friday, 25 June 2004

Microsoft has filed the new Sender-ID email spec with the Internet Engineering Task Force. The spec is a hybrid of Microsoft's "Caller ID for E-mail" and the competing-but-similar "Sender Policy Framework" (SPF).

Security Pipeline: "The new specification, called Sender ID, proposes that organizations publish information about their outgoing e-mail servers, particularly IP (Internet Protocol) addresses, in the Domain Name System (DNS) in XML. If adopted, Sender ID would serve as an e-mail authentication system that verifies the message actually originated with the purported address."

This will be a hot item over the next year or so. Expect to see this actually happen. The merged specs that were filed allow verification that the sender domain is legitimate and not spoofed on two layers, and the concept of sender-authenticated email is picking up a real head of steam.

If it flies, the bad effects of all those phishers and spammers will be significantly reduced (at least until they figure a way around that, too...).

UPDATE: Bill Gates' announcement about the new technologies and anti-spam roadmap is viewable on the web. I received the "executive email" from Microsoft a couple days after posting this original entry.

Friday, 25 June 2004 18:18:28 (Pacific Standard Time, UTC-08:00)
