Microsoft Should Open-Source Anti-Spam Technology - InformationWeek
IoT
IoT
Software // Enterprise Applications
Commentary
9/13/2004
12:37 PM
Mitch Wagner
Mitch Wagner
Commentary
50%
50%

Microsoft Should Open-Source Anti-Spam Technology

If Microsoft is serious about using sender authentication to block spam, phishing and viruses, the company needs to release its Sender ID technology into open source.

If Microsoft is serious about using sender authentication to block spam, phishing and viruses, the company needs to release its Sender ID technology into open source.

Sender ID is Microsoft technology for identifying the sender of an e-mail message. According to advocates fo the technology, spam, viruses, and phishing work because the senders of an e-mail messages can put whatever address they like in the "from" line of a message. The recipient has no way of knowing if the message really came from customerservice@citibank.com, president@whitehouse.org or whatever address the message appears to be from.

Sender authentication alone won't stop spam, viruses and phishing, but it's a start. It'll enable users to reliably identify messages from known, good senders, and then put the others aside into a queue of potential spam and other bad mail, to be managed accordingly. Some users will run the questionable mail through filters, others will simply delete it unread.

In order for Sender ID to work, it has to see widespread adoption and, in order for that to happen, Sender ID has to be integrated into all the common e-mail server platforms. And that's the problem.

The open-source Apache Software Foundation said last week it won't support Sender ID because the licensing terms set by Microsoft are too strict.

According to the report by TechWeb News: "The foundation said the 'nontransferable' language in Microsoft's license, as well as its prohibitions on sub-licensing of the technology, made the software maker's terms unacceptable to the open-source development process." Apache projects include the web server of the same name, as well as the popular open source spam filter SpamAssassin.

For Sender ID to be successful, the technology needs the support of all e-mail software makers, not just the vendors of proprietary software. Microsoft needs to work with open source software creators to get Sender ID incorporated into open source e-mail packages.

That's not the only problem with Sender ID.

Identifying the domain that e-mail comes from is nice, that doesn't tell you who actually sent the mail. Sender ID would stop phishers from sending e-mail that appears to come from citibank.com. But what's to stop phishers from registering variations on the CitiBank name and trapping victims that way? If you got an e-mail from citibank-customer-service.com, how would you know whather it's legitimate?

And I've heard it said that Sender ID doesn't really solve any problems at all, that e-mail recipients can already identify the sender of a message using clues in the message headers and envelope. I have to admit I don't quite understand those points; if someone can explain it to me in small words, suitable for a small child, idiot, or a journalist, I'd appreciate it.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll