ASPnews Home

News

Analysis

Trends

Strategies

ASP Directory

Community

About Us

Search ASPnews:



internet.com
Developer
Downloads
International
Internet Lists
Internet News
Internet Resources
IT
Linux/Open Source
Personal Technology
Small Business
Windows Technology
xSP Resources
Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers
internet.commerce
Be a Commerce Partner
Cheap Plane Tickets
Digital Camera Review
Register Domain Name
Memory Flash Cards
Online Education
Batteries
T-Shirts
Remote Access
Advertising Trucks
Online Degrees
Best Digital Camera
Cheap Web Hosting
Digital Camera Review



ASPnews Focus
Top News:
» SOAs So Close, Yet So Far

» Why SaaS Is Making a Comeback

» Join the Discussion: ASPnews.com's industry forums

Plus:
» More ASP News

TOP 50
Top 20 Providers
 & Top 30 Enablers
Free Newsletter!



ASPnews Shortcuts
Week's Top News

ASP News at internetnews.com

Industry Events

Discussion Forums

Industry Basics

Site Guide

Get cost-effective data protection for your Linux-based enterprise applications. Download your free trial of PeerSF from Radiant Data today.

STRATEGIES
 


E-Mail Providers Praise Progress at Sender ID Summit
By Kevin Newcomb

August 13, 2004

Members of the E-mail Service Provider Coalition (ESPC) left Microsoft’s headquarters pleased, after meeting with leading mail transfer agents (MTA), reputation and seal providers, and anti-spam vendors at a summit on the Sender ID Framework.

“It was a real show of consensus and force around authenticated e-mail,” said Trevor Hughes, executive director of the ESPC. “We have come away from the event feeling like it was a great success.”

Sender ID, the convergence of Microsoft’s Caller ID for e-mail proposal and Meng Wong’s Sender Policy Framework (SPF), verifies that each e-mail message originates from the Internet domain it claims to come from based on the sending server’s IP address. Eliminating domain spoofing will help legitimate senders protect their domain names and reputations, and help recipients more effectively identify and filter junk e-mail.

Sender ID is currently being evaluated by the Internet Engineering Task Force (IETF) as an industry standard for e-mail authentication. A final draft of the specification could be delivered when the IETF meets in two weeks.

According to Hughes, the event began with a high-level discussion of the spam environment, which led to a discussion of SPF by its author, Meng Wong. Microsoft then led a discussion of the Sender ID spec in detail. Then ISP, MTA, and anti-spam vendors discussed how they would implement Sender ID in their products or services.

“It was compelling to see five CEOs on a panel from leading organizations in the anti-spam and MTA e-mail space talking about the fact that this is a train that’s already left the station, and that we just need to make sure that it keeps chugging along. To hear how enthusiastic they were and how willing they were to make sure their pieces of the puzzle were going to work in a Sender ID environment was really encouraging,” Hughes said.

Rather than being a one-way presentation from Microsoft, there was a good two-way discussion, according to Stephen Guerra, director of deliverability and ISP relations for ESPC member Silverpop.

“We were able to offer them some good feedback, and they were very receptive of that. It wasn’t just Microsoft saying ‘this is how things are going to be’. We gave them some significant feedback and even proposed solutions for some of these issues,” Guerra said.

Microsoft is recommending that e-mail senders begin publishing their records in the SPF format by October 1, which many senders have already done. Microsoft is suggesting that e-mail receiving organizations fully implement the checks for the Sender ID protocol by December 31. This should be a very reasonable timeline, Guerra said.

“The challenge for Sender ID is really not going to be implementing it on the ESP side,” he said. “What’s probably going to be the biggest challenge for ESPC members is working with their clients, making sure this information is being published in their records appropriately.”

Sender ID requires that information about a sender’s authorized IP addresses be published in the DNS records of the domain that is responsible for the message being sent. If a marketing e-mail is sent from a client’s domain, ESPs like Silverpop will either have to control that domain themselves, or work with the client’s IT departments to make sure the ESP’s servers are published as authorized senders in their DNS records.

A bigger challenge facing the e-mail industry as a whole is educating those that are unaware that these changes are going to affect them, Guerra said. While a lot of focus has been put on e-mail marketing, senders of transactional e-mails or just regular corporate e-mail senders may be caught unaware if they are not addressing these protocols.

“Some corporate servers are going to find that their corporate mail will become harder to get through in the next few months if they’re not adding this to their outgoing messages and their DNS records,” he said. “A recurring topic at summit was that the ESP industry as a whole needs to step up and educate the e-mail industry in general about Sender ID and the other authentication protocols that are coming.”

“This is a big first step, but it is not a silver bullet,” Hughes said. “I would hope that people would not look at their inboxes in January and see just as much spam as they had in December and decide Sender ID is a failure. I think that would be entirely the wrong metric.”

What Sender ID will do is address phishing — scams which attempt to trick users into divulging sensitive information, such as credit card numbers or account passwords, by pretending to be from a legitimate source, and spoofing — sending e-mail purporting to be from someone it’s not.

“It’s also going to let legitimate senders stand up and be recognized; to be held accountable for their sending practices, and also be rewarded for good sending practices,” Hughes said.

While complying with Sender ID will not guarantee that mail will reach the intended inbox or avoid filtering, what it may do is give the message a better chance of getting through.

“That deliverability message is really important to the legitimate e-mail industry. Even the fact that it will be a consideration in weighing whether something gets into the inbox is a significant step forward in terms of deliverability,” Hughes said. “What I envision, and would expect in the next 12 months, is a day in which legitimate senders are authenticating all of their e-mail, and it is routinely being whitelisted and delivered directly into the inbox.”

That way, if someone violates the expectations of the subscriber, they can be held accountable, because now their identity is known. In addition, a whitelist of legitimate e-mail senders will allow ISPs to be more aggressive in labeling suspect messages as spam.

“Filtering is really good for 90 percent of spam, but once you try to get that last 10 percent, you start hitting false positives that become problematic. This is going to allow ISPs to have much greater confidence in filtering that last 10 percent of spam,” Hughes said.

Email this Article
View Printable Version
Back to Strategies

 

Featured Links
Learn the secrets of the popular search engines!
Free Web Hosting Buyer's Guide -- Click Here!
Enhance your Web site with the Dynamic HTML HierMenus Code


JupiterWeb networks:

internet.comearthweb.comDevx.comGraphics.com

Search JupiterWeb:

Jupitermedia Corporation has three divisions:
Jupiterimages, JupiterWeb and JupiterResearch

Copyright 2005 Jupitermedia Corporation All Rights Reserved.
Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Jupitermedia Corporate Info | Newsletters | Tech Jobs | Shopping | E-mail Offers


Give us your Feedback