Microsoft Takes On Spammers Again - InformationWeek
Software // Enterprise Applications
09:58 AM
Connect Directly

Microsoft Takes On Spammers Again

It will begin checking for the existence of Sender ID framework records on Oct. 1.

Microsoft is taking aim at spammers who hide behind spoofed or forged E-mail addresses. At last week's Open Group Conference in Boston, the company said it would begin checking for the existence of Sender ID framework records on Oct. 1.

"What we hope to see is that others will be doing the same, and I think you will see that--other large ISPs following suit," says George Webb, business manager of Microsoft's Anti-Spam Technology and Strategy Group. "Basically, the call to action now is everyone should be publishing SPF records. We hope to see broad adoption of that standard quickly."

The Sender ID specification dictates that E-mail senders publish the IP addresses of their outbound mail servers. Where such records exist, Microsoft now will begin trying to match the purported responsible domain for every message received to an IP address on the supposed senders' list of authorized mail servers. If no match is found, the message is probably spoofed. According to Microsoft chairman Bill Gates, domain spoofing is involved in half of all of spam.

At some future point, a domain mismatch may mean the message gets blocked. In the near term, however, the absence of a match will be only one point of data among many used by Microsoft's SmartScreen filtering technology to determine whether a message is spam.

During this initial period, Webb says, there will be a large portion of domains that haven't published their SPF records yet. "We will not be blocking those in October," he said. "What we will be doing is determining what is the likelihood of someone having posted an SPF record, how well does that correlate with spamminess or not. And learning from that in terms of how we integrate that with our filter. Over time, you'll see a deeper integration."

Some 170 million active MSN Hotmail accounts will be affected. When enough legitimate mail senders participate, Sender ID will help defend against phishing attacks. "Establishing the domain provenance of E-mail is certainly a contributing factor to help solve the phishing problem," says Webb.

But Hotmail users are already reaping the benefits of Microsoft's anti-spam efforts. Last October, the company added SmartScreen to Hotmail servers and to Outlook 2003. Exchange 2003 customers saw the technology in May. In December, Microsoft began throttling spam more aggressively. The result, says Webb, has been a 60% reduction in spam at Hotmail. "I've actually gotten my parents and people like that asking me what we did," he said, "because Hotmail has become such a better experience since we did that."

Even as it attacks spammers via the courts and through reputation-based accreditation schemes, Microsoft remains focused on technical solutions. "Our own technology development and deployment is critical," says Webb. "We're pushing that forward into new areas like proof technologies, where you have things like demonstrations of computational effort can be used to differentiate yourself from illegitimate mailers. We're looking at how to put those technologies into our E-mail clients right now."

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll