More NewsCombined Microsoft, SPF E-Mail Standard Goes to Standards Body

Combined Microsoft, SPF E-Mail Standard Goes to Standards Body

The move is seen as a critical step toward e-mail authentication and the end of spoofing, phishing and spam.

Microsoft and Sender Policy Framework (SPF) author Meng Weng Wong have converged their respective email authentication standards and submitted the resulting specification, now called Sender ID, to the Internet Engineering Task Force.

Sender ID, like its progenitors SPF and Caller ID for E-Mail, is aimed at adding the identity element to email. That’s seen as a critical first step in eliminating spoofing, phishing and spam. The news comes on the heels of public support for authentication standards expressed by both the ISPs’ Anti-Spam Technical Alliance and the Federal Trade Commission.

“Over half of the email targeting our Hotmail customers today come from spoofed domains, and we are committed to taking this trick away from spammers,” said Ryan Hamlin, general manager of the Anti-Spam Technology and Strategy Group at Microsoft.

Sender ID works by looking at information both in the “envelope” of the email message and in the message itself. It compares that information with data published by domain owners in the Domain Name System (DNS), to confirm the email actually came from the domain that it appears to be from. For example, recipients could be sure an email from johndoe@aol.com was actually from someone at the aol.com domain.

There’s been some controversy over the format in which the Sender ID records should be published in the DNS. The merged specification calls for an XML format — a format many critics say is unnecessarily complicated and difficult to deal with. However, the Sender ID authors have made the specification backwards compatible with the simpler SPF text format. More than 20,000 domains have already published records in that format, according to Wong.

AOL, as one of those that published the original SPF standard, is pleased with Sender ID. “We are glad the new standard is fully backwards compatible with the existing SPF, which is in use by tens of thousands of domains on the Internet already,” said Carl Hutzler, director of Antispam Operations at AOL.

A number of email service providers have already adopted SPF and other authentication technologies. AOL has said it will require those on its whitelist to publish SPF records by the end of the summer.

Related Articles

GDPR: The role of technology in data compliance

Data & Analytics GDPR: The role of technology in data compliance

3w Clark Boyd
What companies can learn from the We-Vibe lawsuit about the Internet of Things

Legal & Regulatory What companies can learn from the We-Vibe lawsuit about the Internet of Things

8m Al Roberts
Has advertising arrived on Google Home?

Media Has advertising arrived on Google Home?

8m Al Roberts
Target is the top retail digital marketer, so why is it struggling?

Ecommerce Target is the top retail digital marketer, so why is it struggling?

8m Al Roberts
YouTube is "on pace to eclipse TV" thanks to savvy algorithm use

More News YouTube is "on pace to eclipse TV" thanks to savvy algorithm use

9m Al Roberts
YouTube is getting rid of 30-second unskippable pre-roll ads

Ad Industry Metrics YouTube is getting rid of 30-second unskippable pre-roll ads

9m Al Roberts
Is Twitter slowly dying?

More News Is Twitter slowly dying?

9m Al Roberts
FedEx launches fulfillment service to take on Amazon

Ecommerce FedEx launches fulfillment service to take on Amazon

9m Al Roberts