Comments on: Microsoft touts 'Sender ID' to fight spam, scams

Proposed tech standard would verify senders' IP addresses to cut malicious phishing and annoying Viagra pitches.

Microsoft Knows Best

Yes, something needs to be done about spam but I'm not sure this will really help all that much. I'm sure Sender ID will be just as spoofable as any email header, subject, or to field in email. Even if the IP address is recorded and validated with a third party -- I can setup a simple Linux server to masquerade as anyone (IP/Mac address) I want.

Personally, I think a new version of SMTP needs to be developed and adopted. Something that has built in security and optionally backward compatible with current SMTP protocol. SMTP was designed when the Internet was a kinder and non-commercial place when stuff like security and privacy where much less of an issue.

Of course, no single action will stop spam completely, but a more robust SMTP system should go a long way towards it.

Have you read the proposal?

First, neither senderID, callerID or SPF are the be all, end all solutions to the spam problem. Neither Microsoft, pobox.com, AOL, earthlink, or anybody else involved with implementing the proposal says this is the TOTAL solution to the problem. They all say (and I agree with them) that a proposal like senderID is an important PART of the solution to spam.

Have you read the senderID proposal that the MARID group at the IETF is considering? If so, you would know that SPF is a subset of senderID, and that it is implemented in the SMTP server receiving the mail.

I disagree with your assertion that senderID could be fooled merely by setting up a Linux box the right way. It means you would have to be able to converse with a SMTP server through a TCP connection with a spoofed IP. Unless you have physical access to the same subnet as the server, this requires not only sending the packets to the SMTP server blind, but with the correct packet sequence numbers. Not likely, and even less likely to work with enough reliability to make such a connection undetectable.

[arthur-b]

Sigh...

Exactly how will this Sender ID thing fix the inherent security problems that almost look designed into Windows?

Meaning, how will this stop Windows PC's from getting zombied and thus turned into a spam bot?

As usual, this is just about getting people hooked on empty promises with strings attached. As well as dealing with symptoms after the fact. Never mind the causes.

In lame terms, by the time a known spam bot (aka: someone that got zombied) is identified the spammers will have moved on. Will it help to identify spammers eventually then? Maybe on paper but those in the real world know better. Will it help to lower the amount of spam in your inbox? Maybe on paper but those in the real world know better. Will it help to get you locked into an overpriced solutions for your symptoms? Not on paper but those in the real world know better. Can I use those overpriced solutions in some sort of free way? Sure, plenty of cracks around for anyone, but only as long as is needed. Are their any experts around who would disagree with this assessment? Plenty, problem is though that they're commercially motivated to tell you so. What am I to do then? Sorry, there's no easy way out. Either you go along with the ride and do as you're told by others (see what happens later, however costly that is) or you'll learn to take matters into your own hands however problematic that'll turn out to be every now and then.

Folks, all what this Sender ID is about is: look, we're doing what we can (what we want), please stick to our way and ignore all those other alternatives.

Elas, in reality, it seems most people like to dream so a short term solution to the real causes doesn't seem at hand. The only thing that would work is a mass drop in using IE and Windows. Only that will motivate Microsoft to solve causes rather then symptoms. Without strings attached.

Let's face it people, those who stick with the program usually end up last. And getting the short end of the deal.

[audiophile7]

Great efort

That's the way that Microsoft should always have: Thincking in new ways to improve their system.

A "tech standard" from Microsoft?

I think the world should be wary at least about any "standard" that Microsoft tries to introduce that purports to solve an open systems issue like e-mail authentication. They don't believe in open system and all effort is geared towards a lock in/lock out situation for their OS. Down the road they will attempt to patent certain concievable uses of the "standard" with the premise that afterall they invented it -- just as they have done with XML. An attempt to corner e-mail will even be more sinister. Looking at Microsoft past unfair tactics, I wouldn't put it beyond them.
http://www.xmlhack.com/read.php?item=491
http://news.com.com/2100-7345_3-5158432.html?part=rss&tag=feed&subj=news

[aabcdefghij987654321]

What about patents?

I'm more concerned that Microsoft will use their patent licensing to block open source from being part of the effort. I mean, lets face it, they have proven before that they are not above such things.

If they really cared about "helping our customers" that much, they wouldn't be making the patents an issue. Sendmail, Qmail, Postfix etc make up a very big part of the Internet's mail systems, and if MS makes the patent license a part of the deal (thereby blocking Open source MTA's from incorporating it), they will be doing it not to "help their customers" but rather to try and help themselves. Also, it will be much less effective since most of net runs on Sendmail.

rgds

Frank

[198775425444042216790779840523]

Worthless

How about they just fix their operating system so PC don't
become spam sending drones so easily. Instead they want to
invade out privacy and set a horrible president.
Just like Micro$hit to come up with a new "standard" instead of
fixing the root of the problem.

[MattEvans16]

You're stupid

Wow, you're stupid. How is the O/S the problem?!?!... how do you know the "spam bots" are running a Windows machine? They could be running ANY operating system.