Microsoft Should Open-Source Anti-Spam Technology - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications
Commentary
9/13/2004
12:37 PM
Mitch Wagner
Mitch Wagner
Commentary
50%
50%

Microsoft Should Open-Source Anti-Spam Technology

If Microsoft is serious about using sender authentication to block spam, phishing and viruses, the company needs to release its Sender ID technology into open source.

If Microsoft is serious about using sender authentication to block spam, phishing and viruses, the company needs to release its Sender ID technology into open source.

Sender ID is Microsoft technology for identifying the sender of an e-mail message. According to advocates fo the technology, spam, viruses, and phishing work because the senders of an e-mail messages can put whatever address they like in the "from" line of a message. The recipient has no way of knowing if the message really came from [email protected], [email protected] or whatever address the message appears to be from.

Sender authentication alone won't stop spam, viruses and phishing, but it's a start. It'll enable users to reliably identify messages from known, good senders, and then put the others aside into a queue of potential spam and other bad mail, to be managed accordingly. Some users will run the questionable mail through filters, others will simply delete it unread.

In order for Sender ID to work, it has to see widespread adoption and, in order for that to happen, Sender ID has to be integrated into all the common e-mail server platforms. And that's the problem.

The open-source Apache Software Foundation said last week it won't support Sender ID because the licensing terms set by Microsoft are too strict.

According to the report by TechWeb News: "The foundation said the 'nontransferable' language in Microsoft's license, as well as its prohibitions on sub-licensing of the technology, made the software maker's terms unacceptable to the open-source development process." Apache projects include the web server of the same name, as well as the popular open source spam filter SpamAssassin.

For Sender ID to be successful, the technology needs the support of all e-mail software makers, not just the vendors of proprietary software. Microsoft needs to work with open source software creators to get Sender ID incorporated into open source e-mail packages.

That's not the only problem with Sender ID.

Identifying the domain that e-mail comes from is nice, that doesn't tell you who actually sent the mail. Sender ID would stop phishers from sending e-mail that appears to come from citibank.com. But what's to stop phishers from registering variations on the CitiBank name and trapping victims that way? If you got an e-mail from citibank-customer-service.com, how would you know whather it's legitimate?

And I've heard it said that Sender ID doesn't really solve any problems at all, that e-mail recipients can already identify the sender of a message using clues in the message headers and envelope. I have to admit I don't quite understand those points; if someone can explain it to me in small words, suitable for a small child, idiot, or a journalist, I'd appreciate it.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
News
COVID-19: Using Data to Map Infections, Hospital Beds, and More
Jessica Davis, Senior Editor, Enterprise Apps,  3/25/2020
Commentary
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
Slideshows
How Startup Innovation Can Help Enterprises Face COVID-19
Joao-Pierre S. Ruth, Senior Writer,  3/24/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
Slideshows
Flash Poll