Feds Call for Summit, ESPs Push On With Authentication

Efforts to implement e-mail authentication are on a bumpy road, but moving forward.

The push for email authentication systems hasn’t diminished in strength, despite controversy over the Microsoft-backed Sender ID protocol. Both the Feds and email service providers (ESPs) are pressing on with their support for the establishment of such systems.

The Federal Trade Commission (FTC) backed up an earlier endorsement of authentication, today setting a date for a summit on the issue, November 8 and 9. The E-Mail Authentication Summit is to be held in conjunction with the National Institute for Standards and Technology (NIST).

The agencies are asking experts with knowledge of authentication-related issues to step up and share their knowledge. The FTC and NIST want to answer a number of questions about authentication systems. These include: Will they produce a marked reduction in spam? Will non-participating ISPs suffer? Can an Internet-wide authentication system be adopted in a reasonable amount of time?

The agencies published a statement in the Federal Register saying: “The purpose of the summit is to facilitate a discussion among technologists from ISPs, businesses and individuals who operate their own mail servers, computer scientists, and other interested parties regarding technological challenges of the various authentication proposals, the ability of small ISPs and domain holders to participate in the authentication systems, the costs associated with the various proposals, the international implications associated with the proposals, and other issues that impact the time frame for and viability and effectiveness of wide-scale adoption of domain-level authentication systems for email.”

People who wish to participate must send a statement to the summit organizers by September 30.

Meanwhile, ESPs plan to continue deploying the Sender ID authentication standard on the sending end, despite lingering questions about how widely it will be implemented by receivers.

The Internet Engineering Task Force’s MARID working group, which is discussing potential email authentication standards, last week decided to address intellectual property rights concerns by making one part of the Sender ID specification optional.

“The standard has two choices in it,” explained Andrew Newton, co-chair of the MARID group. Newton said email recipients could choose to use a Microsoft-developed algorithm to check the purported sender’s address. Alternatively, they could use another system, based upon the SPF protocol, to check the “bounce” address. Many in the open source community have said they couldn’t implement the Microsoft algorithm because it isn’t compatible with open source development.

“This allows the market to drive the decision about Sender ID,” said Margaret Olsen, chair of the technology subcommittee of the E-Mail Service Providers Coalition (ESPC). “I think it was absolutely the right thing for the chairs to do, because the working group was having a great deal of difficulty coming to a true consensus. In the end, what is useful to senders and receivers is what should drive the IETF.”

Olsen added no intellectual property concerns encumber the sending side of the process, so there’s no reason for senders to hesitate in becoming Sender ID compliant. “The ESPC remains fully supportive of sender ID and our membership is getting ready to implement,” she said.

Still, Joshua Baer, CEO of ESP Skylist and ESPC steering committee member, says there’s lots of confusion in the industry.

“Senders are really confused right now about what to do. I don’t think they should be, but many of them are,” said Baer. “Many senders don’t realize that the IPR [intellectual property rights] issue doesn’t affect them. It’s just totally irrelevant. They don’t need to make a big decision between one and another right now. They just need to implement both [Sender ID and SPF].”

Olson agrees there’s no harm in implementing both, especially given ISPs are expected to begin checking for Sender ID and SPF records, whether they’re standards or not. America Online has said it will begin requiring whitelisted senders to publish SPF records, and Microsoft’s Hotmail service is widely expected to begin checking Sender ID records later this year.

Subscribe to get your daily business insights

Whitepapers

US Mobile Streaming Behavior
Whitepaper | Mobile

US Mobile Streaming Behavior

5y

US Mobile Streaming Behavior

Streaming has become a staple of US media-viewing habits. Streaming video, however, still comes with a variety of pesky frustrations that viewers are ...

View resource
Winning the Data Game: Digital Analytics Tactics for Media Groups
Whitepaper | Analyzing Customer Data

Winning the Data Game: Digital Analytics Tactics for Media Groups

5y

Winning the Data Game: Digital Analytics Tactics f...

Data is the lifeblood of so many companies today. You need more of it, all of which at higher quality, and all the meanwhile being compliant with data...

View resource
Learning to win the talent war: how digital marketing can develop its people
Whitepaper | Digital Marketing

Learning to win the talent war: how digital marketing can develop its peopl...

2y

Learning to win the talent war: how digital market...

This report documents the findings of a Fireside chat held by ClickZ in the first quarter of 2022. It provides expert insight on how companies can ret...

View resource
Engagement To Empowerment - Winning in Today's Experience Economy
Report | Digital Transformation

Engagement To Empowerment - Winning in Today's Experience Economy

1m

Engagement To Empowerment - Winning in Today's Exp...

Customers decide fast, influenced by only 2.5 touchpoints – globally! Make sure your brand shines in those critical moments. Read More...

View resource