Microsoft Outlines Policy and Technical Proposals Aimed at Helping Contain The
Spam Problem, Including the Development of Caller ID for E-Mail
SAN FRANCISCO, Feb. 24 /PRNewswire-FirstCall/ -- In his keynote address at
the RSA Conference 2004 today, Microsoft Corp. (Nasdaq: MSFT) Chairman and
Chief Software Architect Bill Gates announced a detailed vision and proposals
on how technology can be used to help put an end to spam, including outlining
the company's Coordinated Spam Reduction Initiative (CSRI) and technical
specifications for the establishment of Caller ID for E-Mail.
"Spam is our e-mail customers' No. 1 complaint today, and Microsoft is
innovating on many different fronts to eradicate it," Gates said. "We believe
that Caller ID for E-Mail and the Coordinated Spam Reduction Initiative will
help change the economic model for sending spam and put spammers out of
business."
To be more effective in the fight against junk e-mail, filters need
additional information that is not available in e-mail messages today.
Microsoft believes some relatively simple but systemwide changes to the e-mail
infrastructure are needed to provide greater certainty about the origin of an
e-mail message and to enable legitimate senders to more clearly distinguish
themselves from spammers.
CSRI is Microsoft's long-range industry plan for dramatically reducing
spam through technology. It is based on three proposals to better enable
effective filtering:
-- Establish a verifiable identity in e-mail through a caller-ID approach
-- Enable high-volume e-mail senders to demonstrate their compliance with
reasonable e-mail policies
-- Create viable alternatives for smaller-scale e-mail senders to
distinguish themselves from spammers
Caller ID for E-Mail
Existing spam filters look at an e-mail message's origin to determine
whether it is spam. However, there is currently no guarantee that an e-mail
message came from whom it says it did. "Spoofing," or sending e-mail
purporting to be from someone it's not, is an increasingly common and
relatively simple way for spammers to trick filters. In addition, this
practice can pose a security risk when used to deliver e-mail viruses.
Microsoft has developed the Caller ID for E-Mail proposal to help
eliminate domain spoofing and increase the effectiveness of spam filters by
verifying what domain a message came from -- much like how caller ID for
telephones shows the phone number of the person calling. The proposal involves
three steps to authenticate a sender:
1. E-mail senders, large or small, publish the Internet protocol (IP)
addresses of their outbound e-mail servers in the Domain Name System
(DNS) in a format described in the Caller ID for E-Mail specification.
2. Recipient e-mail systems examine each message to determine the
purported responsible domain (i.e., the Internet domain that purports
to have sent the message).
3. Recipient e-mail systems query the DNS for the list of outbound e-mail
server IP addresses of the purported responsible domain. They then
check whether the IP address from which the message was received is on
that list. If no match is found, the message has most likely been
spoofed.
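The three-step check above, sketched as an added example; it is not Microsoft's code and does not follow the Caller ID for E-Mail specification, whose record format and header rules this page does not give. The published DNS data is modelled as a constructed in-memory table, and both the header rule (Sender if present, otherwise From) and the "unknown" result for domains that have published nothing are assumptions.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Step 1, constructed data: the outbound servers each domain has published.
# A real receiver would read this from DNS; the record format is not modelled.
PUBLISHED_OUTBOUND = {
    "example.com": ["192.0.2.0/28", "2001:db8:25::/64"],
}

def purported_responsible_domain(raw_message):
    """Step 2. Assumption: use the Sender header if present, otherwise From."""
    msg = message_from_string(raw_message)
    for header in ("Sender", "From"):
        _, addr = parseaddr(msg.get(header, ""))
        if "@" in addr:
            return addr.rsplit("@", 1)[1].lower().rstrip(".")
    return None

def check_sender(raw_message, connecting_ip, published=PUBLISHED_OUTBOUND):
    """Step 3. Returns 'pass', 'fail', or 'unknown'."""
    domain = purported_responsible_domain(raw_message)
    if domain is None or domain not in published:
        # Nothing published (or no usable header): no verdict either way.
        return "unknown"
    ip = ipaddress.ip_address(connecting_ip)
    for entry in published[domain]:
        network = ipaddress.ip_network(entry)
        if ip.version == network.version and ip in network:
            return "pass"
    return "fail"  # the domain publishes a list and this server is not on it

# Constructed sample messages.
CLAIMS_EXAMPLE_COM = "From: Billing <billing@example.com>\nSubject: Invoice\n\nHi\n"
VIA_LIST = ("Sender: list-bounces@example.org\n"
            "From: Billing <billing@example.com>\nSubject: Fwd\n\nHi\n")

if __name__ == "__main__":
    print(check_sender(CLAIMS_EXAMPLE_COM, "192.0.2.5"))    # listed server
    print(check_sender(CLAIMS_EXAMPLE_COM, "203.0.113.9"))  # unlisted server
    print(check_sender(VIA_LIST, "203.0.113.9"))            # unpublished domain
```

The check authenticates the sending domain only: a message from an unlisted server fails, while a domain that has published nothing yields no verdict, which is why the quoted partners stress widespread adoption.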
Microsoft is moving ahead with plans for a pilot implementation of Caller
ID for E-Mail in its Hotmail(R) service. Hotmail will begin publishing
outbound IP addresses today and will begin checking inbound addresses early
this summer. In addition, the company continues to work with others in the
industry to test this proposal, including Amazon.com Inc., Brightmail Inc. and
Sendmail Inc.
"Amazon.com is working aggressively to combat spoofing on several fronts,
and we are committed to collaborating with others in the industry to find
effective solutions for the problem of spam," said Larry Hughes Jr., senior
manager for IT Security at Amazon.com. "We look forward to working with
Microsoft and others in the industry to test their proposals."
"Most spammers disguise the source of their e-mail to evade spam filters
and detection," said Enrique Salem, CEO and president of Brightmail, a leading
provider of anti-spam technology. "We are excited to join Microsoft in testing
this new Caller ID for E-Mail technology to help promote the establishment of
verifiable identity in e-mail. We believe that by combining verifiable
identity with our Reputation Service, we will improve our best-of-breed
anti-spam technology to help legitimate e-mail get delivered while helping keep
spam out of users' inboxes."
"Authenticated sender technologies like Microsoft's caller ID are
essential to help address fraud and spam in Internet e-mail," said Eric
Allman, CTO at Sendmail. "The key to ensuring that these types of technologies
are successful is widespread adoption. Sendmail's millions of users --
including more than 70 percent of the Fortune 1000 -- substantially increase
the deployment of such technologies. We are excited to work with Microsoft in
promoting the acceptance of caller ID as an open standard on the Internet."
Best Practices for Legitimate High-Volume Senders
Not all commercial e-mail is junk. Many regulated businesses including
banks, brokerage firms and insurance companies rely on e-mail to contact their
customers and provide information about their services. Other organizations
such as airlines, news media and a variety of online retail services send
legitimate e-mail to their customers. However, today there is no easy way for
these businesses to distinguish themselves from spammers.
As outlined in its CSRI proposal, Microsoft supports the development of
reasonable behavior policies for sending commercial e-mail, similar to the
policies of behavior that organizations such as TRUSTe (http://www.truste.org/)
and others have helped establish in the area of electronic privacy.
Microsoft believes that once agreed-upon policies have been developed,
independent e-mail trust authorities (IETAs) should be established to certify
and monitor high-volume e-mail senders for compliance with such policies.
It is also Microsoft's view that organizations certified by an IETA as
complying with good e-mail behavior policies should be easily recognizable by
both filtering software and end users via safe lists or digital certificates.
Spam filters can interpret possession of a certificate or membership on a safe
list as strong evidence that the sender of the message is not a spammer, thus
enabling the technology to better distinguish legitimate e-mail from spam.
Alternatives for Smaller Senders
Small organizations need an alternate and inexpensive method to avoid
having their e-mail classified as spam, since e-mail policy compliance would
necessarily be costly. To address this issue, Microsoft proposes that
noncertified organizations pay in computer cycles instead of cash.
Spammers send millions of messages every day to be profitable because
response rates are so low, so their computers spend only a small fraction of a
second processing each message. In a spammer's economic model, spending even
five or 10 seconds per message could be prohibitively expensive. Smaller
organizations, however, that send low volumes of e-mail generally have an
abundance of computer processing power available. Although they can't afford
to spend cash for a certificate, they can afford to spend a few seconds on
each message.
Microsoft has developed a way for noncertified senders to prove that they
have indeed spent a few seconds of computer processing time on each message.
Spam filters can then recognize that a sender is not a spammer because the
sender has demonstrated behavior that would put a spammer out of business.
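The page does not describe Microsoft's mechanism for proving spent processing time, so the following added example substitutes a generic hashcash-style stamp to illustrate the idea: the sender searches for a nonce whose hash has a required number of leading zero bits, and the recipient verifies it with a single hash. The field layout, function names and 16-bit difficulty are assumptions chosen so the example runs quickly.

```python
import hashlib
from itertools import count

def leading_zero_bits(digest):
    """Number of zero bits at the start of a byte string."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits

def _stamp_hash(sender, recipient, date, nonce):
    # Binding the stamp to recipient and date keeps one computation from
    # being reused across a mailing of many recipients (assumed layout).
    data = f"{sender}|{recipient}|{date}|{nonce}".encode()
    return hashlib.sha256(data).digest()

def mint(sender, recipient, date, difficulty_bits):
    """Sender side: about 2**difficulty_bits hashes on average, per message."""
    for nonce in count():
        digest = _stamp_hash(sender, recipient, date, nonce)
        if leading_zero_bits(digest) >= difficulty_bits:
            return nonce

def verify(sender, recipient, date, nonce, difficulty_bits):
    """Recipient side: one hash, whatever the difficulty."""
    digest = _stamp_hash(sender, recipient, date, nonce)
    return leading_zero_bits(digest) >= difficulty_bits

if __name__ == "__main__":
    # Constructed values; a real difficulty would be tuned to cost seconds.
    nonce = mint("shop@example.com", "user@example.org", "2004-02-24", 16)
    print(nonce, verify("shop@example.com", "user@example.org",
                        "2004-02-24", nonce, 16))
```

Each extra bit of difficulty doubles the sender's expected work while the recipient's cost stays at one hash, which is the asymmetry the economic argument above relies on.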
Ongoing Commitment
Microsoft continues to invest heavily in anti-spam research and
development and to look at innovative ways that technology can contribute to
helping solve the spam problem for users worldwide. On a broader scale,
Microsoft believes it will take a coordinated approach that includes advanced
technology, industry self-regulation, consumer education, effective
legislation and targeted enforcement against illegal spammers to solve the
spam problem. The company remains committed to working with customers,
partners, industry, government and law-enforcement agencies around the world
to help put an end to spam.
More information on Microsoft's overall anti-spam approach can be found at
http://www.microsoft.com/presspass/events/antispam/ . Detailed technical
specifications for the CSRI and Caller ID for E-Mail proposals are available
for public review and comment at http://www.microsoft.com/spam/ .
Founded in 1975, Microsoft is the worldwide leader in software, services
and Internet technologies for personal and business computing. The company
offers a wide range of products and services designed to empower people
through great software -- any time, any place and on any device.
NOTE: Microsoft and Hotmail are either registered trademarks or
trademarks of Microsoft Corp. in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the
trademarks of their respective owners.
SOURCE Microsoft Corp.
CONTACT: Rapid Response Team of Waggener Edstrom, +1-503-443-7070, or rrt@wagged.com, for Microsoft Corp.
NOTE TO EDITORS: If you are interested in viewing additional information on Microsoft, please visit the Microsoft(R) Web page at http://www.microsoft.com/presspass/ on Microsoft's corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but may since have changed. For additional assistance, journalists and analysts may contact Microsoft's Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/presspass/contactpr.asp