News Stay informed about the latest enterprise technology news and product updates.

Sender ID not DOA, standards body says

The e-mail identification protocol is alive and well, according to the Internet Engineering Task Force. And some predict that the recent flap over Sender ID's method of authentication will be worked out in a compromise.

The Microsoft-proposed technology that identifies the source of an e-mail ran into a speed bump on the road to ratification, but the proposed Sender ID standard is hardly in ruins.

There was some confusion last week regarding e-mails detailing events at the MTA Authorization Records in DNS, or MARID, a working group of the Internet Engineering Task Force (IETF) that

The issues are not as big as feared between [Microsoft and the open source parties].

Nathaniel Borenstein, IBM distinguished scientist

is responsible for developing the standard. Some believed that MARID had decided to kill a portion that contained Purported Responsible Address (PRA).

PRA is a Microsoft technology that authenticates the source of e-mail addresses, and contains patents for technology that some vendors, in particular, some members of the open source community, object to licensing. There is a second method to do this same check, called the Sender Policy Framework, also called "mailfrom."

Andrew Newton, co-chair of the MARID working group, said the group has decided to use both methods of checking for forgery, not just one. Newton said vendors can choose which one, or both, to use in their products.

"The code for either one is trivial," he said. "But the network administrator must determine how they want the checks to be done. They will have two methods to choose from."

Compromise likely, IBMer predicts

Some experts have said that this decision will not likely come to pass, and rather, that it is a worst-case scenario. Ultimately, there will probably be a compromise and a resolution, they say.

For more information

Read about open source's snub of Sender ID


Get the background on Sender ID's origin

Nathaniel Borenstein, a distinguished scientist at IBM, is one of those who said he believes that "cooler heads will prevail" and a consensus can be reached. "The issues are not as big as feared between [Microsoft and the open source parties]," he said.

IBM signed on as a supporter of Sender ID, but like all Sender ID proponents, such as Symantec Corp. and Sendmail Inc., they endorsed the proposed standard when it was expected to include one authentication method, not two. Borenstein remains optimistic that the members of the IETF working group will work out their differences.

"IBM recognizes the interest and concerns of both Microsoft and the open source community," he said. "Both have valid concerns, but it is still possible to satisfy the needs of both communities, and we are continuing to work toward that."

Antispam fight has many fronts

Whatever happens at the IETF, most experts agree that Sender ID is on its way to broad acceptance.

"What's nice about Sender ID is that it attacks the root cause of spam," said Francis DeSouza, CEO and founder of IMLogic Inc., a Waltham, Mass.-based manufacturer of software that manages instant messages. "If you can properly authenticate the messages, you've made a good dent in who can send you spam."

Fighting the war on spam will get more difficult as spam spreads to new media. It's starting to move to instant messages, where it actively disrupts workers by popping up on their screen. It's also making its way onto cell phones, where this additional traffic might actually cost a user some money. "Just when you think you've got one tactical solution in place, it moves to another front," DeSouza said.

Dig Deeper on Exchange Server setup and troubleshooting

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.