Microsoft Revises Sender ID, AOL Signs On

Hoping to revive its approach to using sender identification to curb e-mail spam, Microsoft announced it has tweaked its Sender ID specification and that leading Internet service provider America Online has agreed to back it.

Less than a month after a lack of consensus about the prudence of making Sender ID a widely used standard brought a working group of the Internet Engineering Task Force (IETF) to a standstill, Microsoft resubmitted a new version that is designed to be more compatible with Sender Policy Framework, or SPF, another popular e-mail filtering technology.

AOL said yesterday it would back the new version of Sender ID, calling Microsoft a “key partner in the anti-spam crusade.” That marks a full reversal of AOL’s decision in mid-September not to back Sender ID, which it announced just days after the IETF said it was unable to forge an agreement on the standard.

AOL said in a statement that its initial decision was made because the first version of Sender ID was not backwards compatible, meaning that “all of the development work AOL and many others had put into the e-mail authentication testing process would be cast aside.”

“The new Sender ID specification is, without a doubt, proof that the standards process can work well from a collaborative efforts standpoint. But more progress can be made, and much more work is to be done,” AOL’s statement said.

Not So Fast

AOL did not pledge exclusivity to Sender ID, but said it would continue to work with SPF and would also test alternatives such as Yahoo’s “Domain Keys” approach and other tools being developed by the likes of Cisco Systems.

Analysts say Sender ID is a solid technology and is has been adopted by enough major ISPs and others to give it a solid foothold in the e-mail filtering market. In fact, even after IETF chose not to endorse Sender ID, Microsoft was still winning converts. AOL said it would continue to use it for outgoing e-mail from its members, and one of Canada’s largest Internet service providers said it would use a customized version for its e-mail filtering.

However, the fate of the revised version is not yet clear. The IETF is likely to take some time to evaluate the new submittal, but already some members of the group that had worked on finding a way to make Sender ID acceptable to everyone are saying that it still falls short.

Detractors are suggesting that the revision doesn’t solve the two key problems the working group identified as critical, if not fatal, flaws in Sender ID. In addition to the licensing issue, group members say the method used to blend Sender ID with SPF is flawed and appears to be ripe for problems.

Wayne Schlitt, an SPF supporter and an active member of the IETF group that looked at Sender ID, said a scheme that reused existing SPF record was not a suitable solution to compatibility and is, in fact, “risky.”

Expecting a Fight

“The technical flaws of SenderID still exist, and the IETF didn’t think such problems could be resolved,” Schlitt said in a Web posting.

Winning back AOL and its 30 million members makes it all but impossible for the standards body to ignore Sender ID’s popularity.

Yankee Group analyst Laura DiDio said the fact that Microsoft is behind the Sender ID technology gives pause to some who might otherwise support a standard that many agree is at least as good as, if not better than, most alternatives currently in place.

“If there were another company that had developed this standard, it would still get a lot of scrutiny, but the fear factor might not be so great,” she said.

Analysts expect open source advocates to again come out against Sender ID, raising the intellectual property concern as a primary reason for moving slowly on adopting it as a standard.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by Keith Regan
More in Business

LinuxInsider Channels