September 16, 2004 1:15 PM PDT

AOL drops Microsoft antispam technology

Related Stories

Less junk in your in-box?

September 9, 2004

Savvis cancels spammers' accounts

September 8, 2004

Spam volume keeps rising

September 1, 2004

Sendmail searches for antispam testers

August 30, 2004
America Online said Thursday that it will not support a Microsoft-backed antispam technology called Sender ID.

The online giant cited "lackluster" industry support and compatibility issues with the antispam technology SPF, or Sender Policy Framework, that AOL supports.

AOL's moves come days after the Internet Engineering Task Force standards body voted down the Sender ID proposal. The IETF said Microsoft's decision to keep secret a patent proposal for the technology was unacceptable. Open-source groups also pulled their support of Sender ID, claiming its licensing restrictions were too strict. AOL agreed with the IETF fallout and added its own reasoning.

"AOL has serious technical concerns that Sender ID appears not to be fully, backwardly-compatible with the original SPF specification--a result of recent changes to the protocol and a wholesale change from what was first envisioned in the original Sender ID plan," AOL spokesman Nicholas Graham wrote in an e-mail.

Sender ID, like SPF, is a technology that verifies the authenticity of an e-mail sender's "@" address, such as "@yourbank.com," by validating the underlying, numeric Internet Protocol address. The system combines Microsoft's "Caller ID for E-Mail Technology" and SPF, authored by Meng Wong, chief technology officer at Pobox.com.

Graham added that while AOL will not check Sender ID for inbound messages, it will still publish records for outbound e-mail.

AOL's announcement illustrates the brewing standards battle for e-mail authentication technology for fighting spam. One of the most reviled byproducts of the Internet, spam has become a problem that plagues consumers, corporate networks and e-mail providers such as AOL, MSN and Yahoo.

All three of the Internet giants are putting their weight behind their own systems. AOL has used SPF since 2003; Microsoft is pushing for Sender ID; and Yahoo is supporting Domain Keys, which uses digital signatures and can be employed alongside SPF or Sender ID. These technologies take different stabs at the same problem, and each company is trying to drum up support among industry players.

Despite public statements about cooperation, AOL, Microsoft and Yahoo made independent moves to turn their systems into standards. All three companies have submitted proposals to the IETF in the hope that their preferred technology will become the industry standard for antispam efforts.

Microsoft would not immediately comment on AOL's decision.

Yahoo spokeswoman Mary Osako said in an e-mail that the company "is continuing to evaluate a variety of industry solutions including those that are IP-based, such as SPF and Sender ID, and those that are cryptographic, such as DomainKeys. Yahoo is focusing efforts around DomainKeys, which provide an effective and scalable solution to solving the phishing and e-mail forgery problem."

CNET News.com's Stefanie Olsen and Rob Lemos contributed to this report.

6 comments

Join the conversation!
Add your comment
They will use it, but not support it.
"Graham added that while AOL will not check Sender ID for inbound messages, it will still publish records for outbound e-mail."

The most important part of adoption for Sender ID is for major email senders to use the ID system when SENDING their email. It is even in the name, they call it _Sender_ ID.

By not publishing their Sender ID they would do more harm to adoption of the system. By not proving the senders who are sending mail in to their network, they are doing more harm to their users by allowing spammers more access in to their network, and their users inboxes.

Overall the AOL statements are full of hot air, they are going to use the standard to publish their own Sender ID, and that's the most important peice of the technology.
Posted by zaz.net (46 comments )
Reply Link Flag
Please Reread Story
Unknown says that AOL is not supporting
SenderID. The article says they are. They are
supplying/publishing the info for those
receivers who support SenderID to allow them
to validate supposed AOL Messages. What
they are NOT doing is using SenderID to
validate messages sent by others and
addressed/delivered to AOL.
Posted by (2 comments )
Link Flag
THE SMARTEST THING AOL HAS DONE YET
For those that own business' and havn't realized it yet, sit back a minute and revel in some knowlege. Microsoft, to this day, has not released a reliable operating system since conception. I have personally lost thousands in my company because of Microsoft and there poor quality control. Taking just this into account. Why would Microsoft think they could even compete in the Anti-Spam technology as well as the search technology. AOL has obviously realized this!

Justin
Posted by OneWithTech (196 comments )
Reply Link Flag
Agreed. SenderID is good.
You got it, Justin. Since AOL is using SenderID, their email system will remain compatible with anybody else who implements SenderID security. Good work on AOL's part.

As to you comments about Microsoft costing your business thousands of dollars.... well, "Whaa." Millions of business do just fine with Microsoft software. Chances are, your loss stems from some other incompetence.
Posted by David Arbogast (1709 comments )
Link Flag
CONTROL TOTAL
!!!!!AND NOW A SPAM KEY IF YOU CANT CONTROL ALL THE SOFTWARE- SP2 "SECURITY" MICRO WILL SELL THE KEY ,YOU KNOW THE NUMBER OF THIRE PARTY SOFTWARE THAT DOESNT RUN ON SP2 IE:ADOBY !!!!!'AND NOW THE IP'S. CONTROL WHAT YOU CALL SPAM I MIGHT CALL MY EMAIL CONTROL AND ONLY CONTROL OF ALL PARTS OF THE INTERNET. ANY ONE ELSE HAVE AN AUTOMATIC TEMPERTURE CONTOL TO SET THE TEMP TO YOUR BODY TEMP FOR THE SEAT IN THE WATER CLOSET??EVEN THE PICTURES CHANGE AS YOU LOOK AT THEN. SO WHO SAYS ITS ABOUT CONTROL???? I DO
Posted by (7 comments )
Reply Link Flag
Catch 22 - SPF can block Legitimate Email
On thing that is lost in the discussion of SPF
is that its use can block Legitimate Email.
This is a Collateral Damage outcome of
another "Anti-SPAM" measure - The Blocking
and/or Hijacking of attempts to connect to
SMTP Servers via Poert25. There are a
growing number of ISPs that are either
ignoring requests from User Mail Agents to
connect to some other ISP's SMTP Server via
Port25 (Blocking) or when requested to do so
just connecting the user to their SMTP Server
(Hijacking). The net result is that if ISPx is one
of these ISPs, then all mail that is being sent
while using ISPx connectivity must be sent via
a ISPx SMTP server even if it is from an email
address at ISPy and thus should, at least in
theory ,being sent via an ISPy SMTP server.
There is a end run that can be done to the
Port25 Blocking/Hijacking - Connect via
another Port - Such as the Mail Submission
Agent Port587 that has been designated for
Submission of Email. The problem is that not
all ISPs support Port587 (especially those
"You must use OUR Port25" ones referenced
above).

The reason why SPF can cause problems is
that SPF enforces that requirement that ISPy
email come from an ISPy SMTP server.

Thus the Catch-22 - Unless ISPy supports
Port587 submission, its publication of SPF
records will prevent any messages being
submitted via the ISPx Server by ISPx
connectivity users (remember that ISPx will
not allow their users to connect to ISPy via
Port25 and SPF at the recipient ISPz will
reject any ISPy email coming from the ISPx
server since ISPy's SPF Records require that
the mail be being delivered to ISPz from an
ISPy Server).
Posted by (2 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.