Microsoft and IronPort Systems today announced what the companies are calling “initial success” with the new Bonded Sender Program, IronPort’s legitimate e-mail sender program designed to reduce the deluge of unwanted e-mail sent to Microsoft customers.
For the past five months, Microsoft has worked with IronPort Systems’ Bonded Sender Program legitimate e-mail sender program on its MSN and MSN Hotmail platforms. The Bonded Sender program, powered by IronPort and certified by TRUSTe, identifies legitimate senders of e-mail based on their adherence to program standards and the posting of a financial bond.
Programs such as safe lists reputation, rating and e-mail accreditation have emerged to help prevent good e-mail from accidentally being blocked by filters. Such programs reinforce the importance of allowing legitimate marketers to communicate with their customers and help ensure that customers can correspond with institutions and organizations such as banks, political groups and retailers.
These approaches are the inverse of the early e-mail-blocking lists and avoid many of the pitfalls associated with those lists. Microsoft continues to evaluate a variety of programs for potential implementation on its MSN and Hotmail platforms.
“Because spam is our e-mail customers’ number one complaint today, our technology arsenal must include a process that works in tandem with our filters to differentiate good e-mail from junk e-mail,” said Ryan Hamlin, general manager of the Antispam Technology and Strategy Group at Microsoft. “Bonded Sender is an example of a program that effectively raises the bar on conduct for good e-mail senders, while simultaneously helping recipients such as Microsoft identify important messages that consumers have requested.”
Sender identity and reputation are the cornerstones of the next generation of e-mail systems. The root cause of today’s e-mail headaches stems from the anonymity of the Simple Mail Transfer Protocol (SMTP) used for e-mail. Next-generation e-mail infrastructure will use sender identity and reputation to dynamically implement e-mail policy.
Similar to DNS
The system is similar to a credit-rating service: The more suspicious a sender appears to be, the more restricted the access to the receiver’s network. Bonded Sender is a critical part of IronPort’s sender reputation service; it allows legitimate e-mail sources to easily identify themselves so they don’t get caught in increasingly aggressive spam filters.
With certification systems, e-mail recipient networks determine an e-mail message’s status using a process similar to that of a conventional domain name system (DNS) query. The receiving e-mail gateway sends a simple query to the program to identify the Internet Protocol (IP) addresses of program participants — one part of an e-mail message that is nearly impossible to forge.
For example, Bonded Sender provides ISPs, enterprises and other recipient networks with the IP addresses of Bonded Sender participants. Recipients can use this information to validate sources of inbound e-mail and reduce false positives (legitimate e-mail mistakenly filtered).
Avoiding Delivery Problems
“The Bonded Sender Program allows legitimate senders of e-mail to identify themselves and avoid delivery problems,” said Scott Weiss, CEO of IronPort Systems. “We are pleased to have Hotmail and MSN join our community of over 28,000 organizations that are using sender identity and reputation as the ultimate weapon in the battle against spam.”
For the Bonded Sender program, certification, third-party oversight and dispute resolution services are provided by TRUSTe, the online privacy leader known for its Web site certification program. TRUSTe monitors sender complaint rates and audits compliance with program standards.
To qualify for Bonded Sender status, participants must meet a strict set of best practices for sending commercial e-mail that exceeds standards set forth in the federal Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM) and must demonstrate a history of good sending behavior derived from recipient feedback.
Once certified, senders post a financial bond and undergo TRUSTe monitoring of compliance with program standards and complaint rates. To ensure only legitimate e-mail is sent through Bonded Sender, a sender’s bond is debited when end-user complaints exceed a certain threshold.
“So far we have been successful in applying rigorous standards and meaningful complaint rates to identify legitimate senders,” said Fran Maier, executive director of TRUSTe. “The process is working: Some senders are not able to get into the program, some are being debited due to excessive complaint rates, and all are being watched carefully — benefiting consumer inboxes.”
Microsoft continues to invest heavily in antispam research and development and to look at ways in which technology can help solve the spam problem.
Microsoft believes solving the problem will require a coordinated approach, including advanced technology, industry self-regulation, consumer education, effective legislation and targeted enforcement against illegal spammers.
The company remains committed to working with customers, partners, industry, government and law enforcement around the world to help put an end to spam. More information on Microsoft’s overall antispam approach can be found at Microsoft Spam.