April 18, 2006 4:00 AM PDT

On sentry duty in your in-box

Two years after the introduction of a caller ID-like system for e-mail, Microsoft believes it now has the arguments to sway businesses to adopt the spam-fighting technology.

At a Chicago conference on e-mail authentication on Wednesday, Microsoft plans to talk about the success it's having with Sender ID on its own hosted e-mail services, such as Hotmail. The software giant said it will outline how the verification system is benefiting its e-mail subscribers and those who send messages to them.

The proof of concept is key to Microsoft, as it continues its push for authenticated e-mail, which puts the source of messages under more scrutiny than normal. The effort includes using perhaps its greatest weapon: cash. The Redmond, Wash., company is providing funds to e-mail security vendors to promote checking for authentication in inbound messages.

"The overall goal is to restore trust and confidence in e-mail," Craig Spiezle, a director in the technology care and safety group at Microsoft, said in an interview. "We can now clearly articulate the real business value of authenticated e-mail....This is some of the hard data that has been lacking."

Sender ID is a specification for verifying the authenticity of e-mail by ensuring the validity of the server from which it came. The technology is one of several pitched by the industry to help stem the tide of spam and phishing scams by making it harder for senders to forge their addresses and by improving e-mail filters.

On e-mail that uses Sender ID, along with enhanced spam filtering, Microsoft was able to reduce the number of false positives, or e-mail wrongly identified as spam, on Hotmail by up to 80 percent, Spiezle said. In addition, for high volume "good" senders who use Sender ID, Microsoft's analysis showed their false positive rate on average dropped to nearly zero. At the same time, the number of junk messages incorrectly let through declined by more than 85 percent, Spiezle said.

"We're very excited about this," Spiezle said. "It gets back to why should I care, and what's new. We look at this as providing superior business and technical value for the entire e-mail ecosystem--a solution that has effectively no cost, no performance impact to the senders and receivers, and that is providing real results."

As part of its push, Microsoft in late February kicked off a program that offers funding to e-mail security companies to adopt e-mail authentication protocols like Sender ID, Spiezle said. The funds are available to those that provide tools to filter incoming e-mail. CipherTrust and IronPort said they're among the companies that have applied for the money, but neither would disclose actual amounts.

"It is the chicken and the egg: The more people that authenticate inbound, the higher the value is to authenticate outbound, and conversely," Spiezle said.

Results so far
If adopted widely, such e-mail authentication technology could help people make sure that a message that claims to be from their bank actually was sent by the bank. Authentication alone does not stop junk and spoofed messages, but it can make spam filters more effective, by allowing filters to rate domains based on the e-mail that is sent.

However, America Online and eBay, two of the other early adopters of e-mail authentication, haven't yet seen many real results from it, company representatives said. AOL takes in a lot of e-mail for its more than 20 million Internet access subscribers, while eBay is the source of more than 1 billion messages a month.

"I think we're starting to see where it is effective and how it can be effective, but it is still in the early stages," Hani Durzy, an eBay representative, said.

E-mail authentication has been mired in controversy, which has held back adoption. Microsoft's involvement sparked intellectual-property concerns, and the company has been accused of strong-arming the world into adopting Sender ID, even though there's still debate over alternatives and a lack of standards.

"The tide has turned; the dust has settled," Spiezle said, adding that the e-mail authentication scene is much clearer today then a year ago. "The controversy and lack of having hard data has been in a sense some noise for businesses, so they did not even hear the message. Now they want to move forward."

CONTINUED: Checking e-mail…
Page 1 | 2 | 3

See more CNET content tagged:
e-mail authentication, Sender ID, e-mail security, authentication, sender

18 comments

Join the conversation!
Add your comment
Bull
This is just a way to "validate" spam. It is VERY EASY to block the email sender-id would not let through, and - if you dont use a MS Mail Server that ACCEPTS and PROCESSES EVERYTHING - it uses little processing power and bandwidth. Currently, sender-id would not block the email that get through my mail server. I would just mean more spamer would spend money with MS and Security vendors to get IDs. The end user would still get the spam.

Another MS joke at attempting to benefit from a problem that will always exist.
Posted by umbrae (1073 comments )
Reply Link Flag
Bull
This is just a way to "validate" spam. It is VERY EASY to block the email sender-id would not let through, and - if you dont use a MS Mail Server that ACCEPTS and PROCESSES EVERYTHING - it uses little processing power and bandwidth. Currently, sender-id would not block the email that get through my mail server. I would just mean more spamer would spend money with MS and Security vendors to get IDs. The end user would still get the spam.

Another MS joke at attempting to benefit from a problem that will always exist.
Posted by umbrae (1073 comments )
Reply Link Flag
Bull II
The real Spam problem is the bandwidth that it consumes. And as far as I can tell, neither MS SenderID, Yahoo DomainKeys, or AOL "Moneygrab" (aka Goodmail) will do anything about that, because the crap will be sent to my server.

All these systems can do is "verify" supposedly good messages. We already block 99% of all spam with a combination of Spamassassin and the Spamhaus.org blacklist (with no false positives).

I seriously doubt SenderID or the others could improve on that.
Posted by rcrusoe (1305 comments )
Reply Link Flag
Wow
Spam about an anti-spam product - excellent !
Posted by (409 comments )
Link Flag
Bull II
The real Spam problem is the bandwidth that it consumes. And as far as I can tell, neither MS SenderID, Yahoo DomainKeys, or AOL "Moneygrab" (aka Goodmail) will do anything about that, because the crap will be sent to my server.

All these systems can do is "verify" supposedly good messages. We already block 99% of all spam with a combination of Spamassassin and the Spamhaus.org blacklist (with no false positives).

I seriously doubt SenderID or the others could improve on that.
Posted by rcrusoe (1305 comments )
Reply Link Flag
Wow
Spam about an anti-spam product - excellent !
Posted by (409 comments )
Link Flag
More Beta Testing!
More beta testing a unworkable idea!

Microsoft should know by now that having people register to prove who they are doesn't work. 'No one' registerd drivers, 'no one' registers activex components, and if anyone did, would it help? Nope.

Why does Microsoft keep having us beta test their ideas and software, and try to charge us for it?
Posted by hawkeyeaz1 (569 comments )
Reply Link Flag
Charge?
Einstein, MS is giving away money to suport an idea that is not tied to their technology at all.

You people are pathetic. I'm glad folks like you will have no meaningful impact on the world I'll be living in for the next decades. You post here over and over for no other reason than our amusement. However, you still don't have the style of ol' "Cut 'n Paste" Mettler!
Posted by KTLA_knew (385 comments )
Link Flag
Microsoft keep having us beta test their ideas
<a class="jive-link-external" href="http://www.analogstereo.com/volvo_xc90_owners_manual.htm" target="_newWindow">http://www.analogstereo.com/volvo_xc90_owners_manual.htm</a>
Posted by Ipod Apple (152 comments )
Link Flag
More Beta Testing!
More beta testing a unworkable idea!

Microsoft should know by now that having people register to prove who they are doesn't work. 'No one' registerd drivers, 'no one' registers activex components, and if anyone did, would it help? Nope.

Why does Microsoft keep having us beta test their ideas and software, and try to charge us for it?
Posted by hawkeyeaz1 (569 comments )
Reply Link Flag
Charge?
Einstein, MS is giving away money to suport an idea that is not tied to their technology at all.

You people are pathetic. I'm glad folks like you will have no meaningful impact on the world I'll be living in for the next decades. You post here over and over for no other reason than our amusement. However, you still don't have the style of ol' "Cut 'n Paste" Mettler!
Posted by KTLA_knew (385 comments )
Link Flag
Microsoft keep having us beta test their ideas
<a class="jive-link-external" href="http://www.analogstereo.com/volvo_xc90_owners_manual.htm" target="_newWindow">http://www.analogstereo.com/volvo_xc90_owners_manual.htm</a>
Posted by Ipod Apple (152 comments )
Link Flag
spammers can use SenderID too
So this isn't really an anti-spam technology
Posted by Jackson Cracker (272 comments )
Reply Link Flag
spammers can use SenderID too
So this isn't really an anti-spam technology
Posted by Jackson Cracker (272 comments )
Reply Link Flag
Why MS should not be trusted with this;
Last I knew MS would not allow open source products free access to use the technology. In other words, pay to play.

All other MS products that have anything to do with Internet technologies, without fail open up users of said technology to an untold number security and privacy concerns. No other product in any category is perfect, but the issues concerning MS products outnumber all other products combined across the board in terms of numbers, impact and severity.

Last but certainly not least, since when does Microsoft care about you and me? I'm not a Microsoft hater, only looking at the facts and track record. Microsoft only does what is good for Microsoft, to obtain and/or maintain a monopoly at the expense of users/consumers. This issue is no exception.
Posted by aabcdefghij987654321 (1721 comments )
Reply Link Flag
Why MS should not be trusted with this;
Last I knew MS would not allow open source products free access to use the technology. In other words, pay to play.

All other MS products that have anything to do with Internet technologies, without fail open up users of said technology to an untold number security and privacy concerns. No other product in any category is perfect, but the issues concerning MS products outnumber all other products combined across the board in terms of numbers, impact and severity.

Last but certainly not least, since when does Microsoft care about you and me? I'm not a Microsoft hater, only looking at the facts and track record. Microsoft only does what is good for Microsoft, to obtain and/or maintain a monopoly at the expense of users/consumers. This issue is no exception.
Posted by aabcdefghij987654321 (1721 comments )
Reply Link Flag
Line of Responsibility
This problem has a real solution.

Every single IP address in the world is managed by members if ICANN.

ISP's in all the countries get their IP address blocks from ICANN authorised sources.

Thus - you cannot have a "Spam Source" that works outside the known chain of responsibility from ICANN to the local ISP.

The responsibility for controlling SPAM has to be that of ISP's. They are the ones who hand out the IP addresses that are used to send SPAM.

This is not a problem that can be solved by any company, even the mighty Microsoft. In fact, many suspect that Hotmail is the biggest harvester of email addresses that are used for spamming.

SPAM as another poster pointed out, accounts for a humongous waste of bandwidth. It can be controlled only through the concerted efforts of countries (who own the blocks of IP addresses) and ISP's who are allotted IP Address blocks within countries.

sughyosha
Posted by sughyosha (21 comments )
Reply Link Flag
Line of Responsibility
This problem has a real solution.

Every single IP address in the world is managed by members if ICANN.

ISP's in all the countries get their IP address blocks from ICANN authorised sources.

Thus - you cannot have a "Spam Source" that works outside the known chain of responsibility from ICANN to the local ISP.

The responsibility for controlling SPAM has to be that of ISP's. They are the ones who hand out the IP addresses that are used to send SPAM.

This is not a problem that can be solved by any company, even the mighty Microsoft. In fact, many suspect that Hotmail is the biggest harvester of email addresses that are used for spamming.

SPAM as another poster pointed out, accounts for a humongous waste of bandwidth. It can be controlled only through the concerted efforts of countries (who own the blocks of IP addresses) and ISP's who are allotted IP Address blocks within countries.

sughyosha
Posted by sughyosha (21 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.