Microsoft Throws Its Weight Behind E-Mail-Accreditation Program
MSN and Hotmail are joining IronPort Systems' Bonded Sender program, which lets legitimate volume senders of E-mail ensure delivery of their messages.
Microsoft on Wednesday said MSN and Hotmail have joined anti-spam vendor IronPort Systems Inc.'s Bonded Sender E-mail-accreditation program, a so-called whitelist or allow-list service by which legitimate volume senders of E-mail can ensure delivery of their messages.
The program requires participants to adhere to certain standards and to post a financial bond to be debited if enough message recipients complain. Certification, third-party oversight, and dispute resolution services will be provided by Trust-e, a nonprofit organization that aims to facilitate trusted relationships over the Internet.
"The significance here is that the industry is struggling to combat spam, and this notion of considering the sender's reputation is starting to become more commonplace," says Matt Cain, an analyst at IT research firm Meta Group.
While the move is perhaps not surprising, given that IronPort CEO Scott Weiss previously worked at both Hotmail and MSN, it's likely to raise eyebrows and lower deliverability among spammers. With Microsoft joining some 28,000 organizations already involved in Bonded Sender, Weiss says the program now reaches more than 30% of the E-mail on the Internet, up from between 5% and 8%. And he predicts other large service and E-mail providers will follow.
What this means, Weiss says, is that Microsoft will be in a position to tell volume senders of E-mail to either get accredited or be blocked.
George Webb, business manager at Microsoft's Anti-Spam Technology and Strategy Group, offers a less-absolute interpretation, saying bulk E-mailers that don't take part in the Bonded Sender program will be subject to a higher level of filtering than registered senders--but not necessarily blocked outright. "We see a lot of opportunities to get a lot smarter upstream to eliminate spam," he says. He considers Bonded Sender to be one of many positive steps Microsoft is taking to combat spam, which he says fall into three categories: protection, prevention, and proof.
Programs such as Bonded Sender--and there are others, such as Haebeas--are primarily an attempt to address the problem posed by false positives. That's when legitimate E-mail gets blocked. Ray Everett-Church, chief privacy officer at spam and privacy consulting firm ePrivacyGroup.com and counsel for the Coalition Against Unsolicited Commercial Email, says even 100% opt-in E-mail still gets blocked anywhere from 5% to 15% of the time because the blacklists used by Internet service providers aren't 100% accurate. David Ferris, president of messaging research firm Ferris Research, suggests that figure may be as high as 20% to 30%.
Markus Mullarkey, VP of outbound marketing solutions at Cnet Networks Inc., says his company publishes more than 100 E-mail newsletters and that if customers aren't getting them, that's a big issue. He notes that Cnet works with a number of ISPs and mail services to guarantee message delivery. But for E-mail marketers that haven't taken such steps, he says, "if you're not bonded and can't prove that you're a trustworthy sender, then you're very much at risk."
For Scott Richter, president of E-mail marking firm OptInRealBig.com and the third-largest spammer in the world, according to a December lawsuit filed by Microsoft and New York State Attorney General Eliot Spitzer, the announcement isn't particularly troubling. He notes that MSN and Hotmail have been working with IronPort for some time now. Richter says he has applied to join Bonded Sender, but has not been let in.
Joining may be easier if Richter wins his recently filed lawsuit against SpamCop, the IronPort-owned Web site that provides complaint data used to establish E-mail blacklists or blocklists. Among other things, Richter is seeking the names of those who have complained to SpamCop about his company's E-mail so that he can remove them from his lists, as required by the Can-Spam Act of 2003. Should he succeed in doing so, he could in theory participate in Bonded Sender without generating enough complaints to have his bond debited.
"Bonded Sender is like a credit report," an IronPort spokesperson says. "If you have bad credit, you can change your practices, but it takes time to build up good credit. If Scott Richter could meet all the Bonded Sender standards and legitimate mailing practices, he could get in."
Everett-Church suggests Bonded Sender is about paying for delivery rather reducing the amount of spam: "The core issue is permission and whether you can buy your way out of needing permission."
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.