Software // Enterprise Applications
Commentary
9/13/2004
12:37 PM
Mitch Wagner
Mitch Wagner
Commentary
50%
50%

Microsoft Should Open-Source Anti-Spam Technology

If Microsoft is serious about using sender authentication to block spam, phishing and viruses, the company needs to release its Sender ID technology into open source.

If Microsoft is serious about using sender authentication to block spam, phishing and viruses, the company needs to release its Sender ID technology into open source.

Sender ID is Microsoft technology for identifying the sender of an e-mail message. According to advocates fo the technology, spam, viruses, and phishing work because the senders of an e-mail messages can put whatever address they like in the "from" line of a message. The recipient has no way of knowing if the message really came from customerservice@citibank.com, president@whitehouse.org or whatever address the message appears to be from.

Sender authentication alone won't stop spam, viruses and phishing, but it's a start. It'll enable users to reliably identify messages from known, good senders, and then put the others aside into a queue of potential spam and other bad mail, to be managed accordingly. Some users will run the questionable mail through filters, others will simply delete it unread.

In order for Sender ID to work, it has to see widespread adoption and, in order for that to happen, Sender ID has to be integrated into all the common e-mail server platforms. And that's the problem.

The open-source Apache Software Foundation said last week it won't support Sender ID because the licensing terms set by Microsoft are too strict.

According to the report by TechWeb News: "The foundation said the 'nontransferable' language in Microsoft's license, as well as its prohibitions on sub-licensing of the technology, made the software maker's terms unacceptable to the open-source development process." Apache projects include the web server of the same name, as well as the popular open source spam filter SpamAssassin.

For Sender ID to be successful, the technology needs the support of all e-mail software makers, not just the vendors of proprietary software. Microsoft needs to work with open source software creators to get Sender ID incorporated into open source e-mail packages.

That's not the only problem with Sender ID.

Identifying the domain that e-mail comes from is nice, that doesn't tell you who actually sent the mail. Sender ID would stop phishers from sending e-mail that appears to come from citibank.com. But what's to stop phishers from registering variations on the CitiBank name and trapping victims that way? If you got an e-mail from citibank-customer-service.com, how would you know whather it's legitimate?

And I've heard it said that Sender ID doesn't really solve any problems at all, that e-mail recipients can already identify the sender of a message using clues in the message headers and envelope. I have to admit I don't quite understand those points; if someone can explain it to me in small words, suitable for a small child, idiot, or a journalist, I'd appreciate it.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Nov. 10, 2014
Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.