Microsoft Should Open-Source Anti-Spam Technology - InformationWeek
Software // Enterprise Applications
12:37 PM
Mitch Wagner
Mitch Wagner
How Upwork Cut Zero-Day File Attacks by 70%
Oct 05, 2017
Upwork has millions of clients and freelancers that have to upload and download many files to and ...Read More>>

Microsoft Should Open-Source Anti-Spam Technology

If Microsoft is serious about using sender authentication to block spam, phishing and viruses, the company needs to release its Sender ID technology into open source.

If Microsoft is serious about using sender authentication to block spam, phishing and viruses, the company needs to release its Sender ID technology into open source.

Sender ID is Microsoft technology for identifying the sender of an e-mail message. According to advocates fo the technology, spam, viruses, and phishing work because the senders of an e-mail messages can put whatever address they like in the "from" line of a message. The recipient has no way of knowing if the message really came from, or whatever address the message appears to be from.

Sender authentication alone won't stop spam, viruses and phishing, but it's a start. It'll enable users to reliably identify messages from known, good senders, and then put the others aside into a queue of potential spam and other bad mail, to be managed accordingly. Some users will run the questionable mail through filters, others will simply delete it unread.

In order for Sender ID to work, it has to see widespread adoption and, in order for that to happen, Sender ID has to be integrated into all the common e-mail server platforms. And that's the problem.

The open-source Apache Software Foundation said last week it won't support Sender ID because the licensing terms set by Microsoft are too strict.

According to the report by TechWeb News: "The foundation said the 'nontransferable' language in Microsoft's license, as well as its prohibitions on sub-licensing of the technology, made the software maker's terms unacceptable to the open-source development process." Apache projects include the web server of the same name, as well as the popular open source spam filter SpamAssassin.

For Sender ID to be successful, the technology needs the support of all e-mail software makers, not just the vendors of proprietary software. Microsoft needs to work with open source software creators to get Sender ID incorporated into open source e-mail packages.

That's not the only problem with Sender ID.

Identifying the domain that e-mail comes from is nice, that doesn't tell you who actually sent the mail. Sender ID would stop phishers from sending e-mail that appears to come from But what's to stop phishers from registering variations on the CitiBank name and trapping victims that way? If you got an e-mail from, how would you know whather it's legitimate?

And I've heard it said that Sender ID doesn't really solve any problems at all, that e-mail recipients can already identify the sender of a message using clues in the message headers and envelope. I have to admit I don't quite understand those points; if someone can explain it to me in small words, suitable for a small child, idiot, or a journalist, I'd appreciate it.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
[Interop ITX 2017] State Of DevOps Report
[Interop ITX 2017] State Of DevOps Report
The DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll