News

Microsoft Outlines Anti-Spam Technical Roadmap

Microsoft this week unveiled its long-awaited technical roadmap for combating spam, which the company identifies as the top complaint of its e-mail customers.

Formally called the Coordinated Spam Reduction Initiative or CSRI, Microsoft's anti-spam proposal consists of three industry-wide steps:

  • Development of an e-mail equivalent of Caller ID to make spoofing a less attractive method for spammers.
  • Creation of independent e-mail trust authorities (IETAs) that would certify and monitor legitimate high-volume e-mail senders. The IETAs would help set reasonable behavior policies and verify the identities of compliant senders through digital certificates or safe lists. The IETAs would charge high-volume e-mailers large fees for their services.
  • Creation of a less expensive alternative for low volume e-mailers than the independent e-mail trust authorities. An example of an alternative would be payment in computer cycles, through required tasks that expend a few seconds worth of compute cycles per message sent. Spending that kind of time per message would put high-volume spammers out of business, according to Microsoft.

    Microsoft describes CSRI as a specification in the draft-for-comment stage and posted it online at www.microsoft.com/spam.

    Already the company has very high hopes for CSRI. In announcing the initiative at the RSA Security Conference this week, Microsoft co-founder Bill Gates said, "We believe that Caller ID for e-mail and the Coordinated Spam Reduction Initiative will help change the economic model for sending spam and put spammers out of business."

    Gates and other Microsoft officials gave the most attention to the Caller ID portion of the proposal. The idea, which Microsoft has been working on for about a year, would require three steps to work. First, all e-mail senders would publish the IP addresses of their outbound e-mail servers in the Domain Name System in a format described in the Caller ID for E-mail specification. Recipient e-mail systems would check each message to determine the purported responsible domain. Then the recipient systems would query the DNS to check the IP address of the message against registered outbound e-mail IP addresses for that domain.

    Microsoft began a pilot implementation of Caller ID for E-mail in its Hotmail service this week. The pilot starts with Hotmail publishing outbound IP addresses. Microsoft's free e-mail service will begin checking inbound addresses early this summer.

    A few major companies have signed on to test the Caller ID proposal -- Amazon, Brightmail and Sendmail.

    The technical roadmap comes about a month after Gates told an audience at the Davos summit that "in the next 12 to 18 months we can expect (spam) not to be a major problem as today."

  • About the Author

    Scott Bekker is editor in chief of Redmond Channel Partner magazine.

    Featured

    • Microsoft Drops 'Solorigate' for 'Nobelium' in Ongoing SolarWinds Attack Investigations

      Microsoft this week described "three new pieces" of malware that were used in the SolarWinds Orion espionage attacks dubbed "Solorigate," although Microsoft security researches are now calling it "Nobelium."

    • Microsoft Universal Print Service Commercially Released

      Microsoft announced on Tuesday that its Universal Print service is now commercially released at the "general availability" stage worldwide.

    • Restoring a Backup to Dissimilar Hardware: 3 Things To Watch Out For

      Getting a new desktop looking and feeling like the old one used to take a long time, but modern backup applications have greatly streamlined the process. Still, there are a few things to keep in mind to avoid potential issues.

    • Black Box

      Microsoft Releases Windows Server 2022 Preview

      Microsoft announced during its Ignite event that Window Server 2022 is currently availability at the preview stage.

    comments powered by Disqus