June 22, 2005 6:25 PM PDT
Microsoft pushes spam-filtering technology
- Related Stories
-
Should Microsoft own antispam?
November 9, 2004 -
Microsoft-backed antispam spec gets filtered out
September 23, 2004
Sometime around November, Hotmail and MSN will flag as potential spam those messages that do not have the tag to verify the sender, Craig Spiezle, a director in the technology care and safety group at the software maker said Wednesday. The move is meant to spur adoption of Sender ID, he said.
Sender ID is a specification for verifying the authenticity of e-mail by ensuring the validity of the server from which the e-mail came. While the purpose of curbing junk mail may be laudable, the debate on how to stop the tide of junk mail is still ongoing. According to Microsoft, up to 90 percent of e-mail is spam.
Critics say Sender ID, which includes technology developed by Microsoft, is not an accepted standard and has many shortcomings. Also, there are technologies that compete with Sender ID, such as Yahoo's DomainKeys.
"We think Microsoft is trying to strong-arm the industry into the adoption of an incomplete and not accepted standard," said Dave Rand, chief technologist for Internet content security at security software company Trend Micro.
Microsoft's move increases pressure on e-mail senders to adopt Sender ID. The technology requires Internet service providers, companies and other Internet domain holders to publish so-called SPF (Sender Policy Framework) records to identify their mail servers.
About 1 million domains currently publish SPF records, Microsoft said. That's far from the 71.4 million registered domains worldwide at the end of last year. Still, because some large e-mail senders such as AOL support Sender ID, about 30 percent of e-mail today carries Sender ID information, according to e-mail filtering company MessageLabs.
Criticism for the technology
Sender ID has not been a success because it is not very highly regarded, said Ray Everett-Church, co-founder of the Coalition Against Unsolicited Commercial E-mail and co-author of the book "Fighting Spam for Dummies."
"Microsoft has been trying to shove Sender ID down the throats of the Internet community for several years now, to little effect," he said.
Microsoft's unilateral move may hurt Internet users, he said. "Sender ID isn't widely deployed, meaning that average users are now at risk for having their legitimate e-mail tagged as spam when they send messages to Hotmail users."
Experts say one of the problems with Sender ID is that it doesn't work with e-mail forwarding services. The basic premise of Sender ID is to check if an e-mail that claims to be coming from a certain Internet domain is really being sent from the e-mail servers associated with that domain.
"If you receive mail forwarded through, for example, a university alumni account, the Sender ID check fails," said Matt Sergeant, a senior antispam technologist at MessageLabs.
The Internet Engineering Task Force, a standard-setting body, dissolved a working group on Sender ID in September. Still, Microsoft is plowing ahead with Sender ID, perhaps in a last-ditch effort to make good on a promise by Chairman and Chief Software Architect Bill Gates to can spam by 2006.
"All domain holders and e-mail senders should be publishing SPF records and planning to do that now if they want to improve the legitimacy of their mail, plus protect their domain and consumers. It is the responsible thing to do," Microsoft's Spiezle said.
Turning on the filters at Hotmail and MSN will give e-mail senders a reason to adopt Sender ID, Spiezle said. Without an incentive, many have said that they won't publish SPF records, he said. "We're in a catch-22," he said. "What we're trying to do is to do the right thing by giving everyone advance notice."
However, this Microsoft effort to push adoption of Sender ID is likely to fail, certainly with such a short deadline, said Jonathan Penn, an analyst at Forrester Research. "Hotmail is in no position to dictate that organizations adopt Sender ID," he said.
Adopting Sender ID or any other technology requires time and money, Penn said. "Company budgets are on a yearly cycle, and most of them have no money for such a project this year," he said.
Microsoft argues that publishing SPF records is simple. It usually does not require new hardware or software and the most arduous part is doing an inventory of mail servers and the subsequent maintenance of the record, Spiezle said.
See more CNET content tagged:
Sender ID,
spam filtering,
MSN Hotmail,
domain,
MessageLabs Ltd.
It's quite sad, really; such oversights are what made SMTP into what it is today...
My questions is ,not being programmer,where is best place to turn to develop or present idea.
If everyone used my system it will completly prevent spam,spaming would be worthless business and regardless or where you use my system it would work.
Again I wonder what is best place to start with idea,I would prefer bigger company to develop rather then using small one.
Use exiting email address,you can actually GIVE your email address to anyone you want,evan call your favorite spammer and asked him to spam you,its actually very CHEAP to create,very easy to use,hackable but so complex to hack into that it would take decades,actually it can handle multiuse emails with one single email address and yes it actually has tracking system that is so simple but yet very effective that it will ELIMINATE spam completly.
If anyone knows place to presnt this email me bostech.fl@netzero.com
Neither SPF nor Sender-ID are technologies that can control spam. They can to a very limited extent help avoiding phishing, by identifying the forgery of addresses like INFO@MICROSOFT.COM. But they would not stop mail "from" addresses in all of INFO@MICR0S0FT.COM INFO@MlCROSOFT.COM INFO@M1CROS0FT.COM or INFO@M1CR0SOFT.COM.
hacker more than 10 minutes to defeat this Sender ID crap, the
hacker should be demoted to newbie. The key to controlling SPAM
is to eliminate the few sources which provide most of the SPAM.
There are adequate laws on the book for that now, what we need is
someone with the hiorsepower to apply them, not another useless
MS 'innovation' .
The fact that a Microsoft guy is again talking about SPF is probably the big news here.
What Microsoft is doing is not only harmful to consumers, but is also disrespectful to the Internet standards bodies, like the W3C and the IETF. Their policy seems to be "Our standard was refused, but it will be the standard because we say it is." This is a subversive attitude, not wanting to play by the rules.
Now, I do applaud Microsoft for the Hotmail Spam Filters. They have done miracles for me, to the point where I only recieve about three or four Spam messages a week, and those are delivered to the Junk Mail folder. It makes me wonder why MS seems to think that their Sender ID is necessary, when they already have good filters.
The real solution to spam is in the consumer. Basically anyone can avoid being spammed: all you have to do is not subscribe to any newsletters, avoid entering porn sites and don't click on any "Free Screensaver" or "1,000,000th visitor" ad you see. This does not guarantee you will never recieve spam, but it will be minimal.
I expect that this would backfire monumentally. But probably they'll abandon the idea before it launches when they notice that ISP's are not following their intentions.
Again, Microsoft shouldn't be able to dictate and create defacto
"standards" by leveraging its Monopoly in the Windows Distribution
Channel.
won't allow forwarding of email! Brilliant! Genius! Incredible!
And completely worthless.
When are the people in Redmond going to get a clue about how
email actually works - that people forward messages all the
time, especially people using academic accounts and those who
use anonymous posting systems for good reasons - like those
who want to STAY anonymous because they have problems with
cyberstalkers and REAL stalkers, whacked-out ex's, nasty
divorce issues and even problematic issues like spammers who
have beaten every anti-spamming technology to come down the
pike to date?
When will they understand that some people actually VALUE their
privacy? When will they understand that Microsoft has NO right
to know WHO they are?
Yet they want everyone to identify themselves or they won't be
allowed to use their Hotmail service. If that's the case, then my
suggestion to the public is to use something else and teach
Redmond a lesson - that they are NOT the only players on the
Web!
Lee Darrow, Chicago, IL
Same goes for thousands of people who work from home and send mail from their corporate addresses using their ISP's SMTP server due to port 25 blocking. They'd all be bocked by Sender ID.
I say who cares about Hotmail, there are plenty of free email providers that provide better service than hotmail anyway. I personally have a rule setup to block all incoming mail from hotmail because so much junk mail is coming from hotmail addresses (albeit usually spoofed addresses).
- The bottom line.... Avoid MSN and Hotmail like the plague!!!
-
by qazwiz
June 24, 2005 12:27 PM PDT
- This is just another reason to avoid the pariahs known as MSN and Hotmail
-
Reply to this comment
-
-
See all 46 Comments >>there has been bad talk about the pair for years and very little good.
the message before me (title Hurts consumers with their own domain name) has implemented a drastic but good idea... he has his filters trash any hotmail sender due to high spam.. spam that wouldn't be stopped by the "ID" in question since hotmail obviously includes it in their eMail
in all my time on the internet I've only encountered two, maybe three, actual people who use hotmail and the two I can think of are both overseas
might I suggest an extension to my predecessors extreme?
go ahead and automatically trash hotmail senders... BUT FIRST evaluate the subject line for a code word (a suggestion COLDMAIL) that will send it to inbox if found.... have friends add the codeword to all eMails and they won't be trashed