Company promises not to sue users of e-mail authentication spec
Microsoft is making the Sender ID framework specification for e-mail authentication available to users at no cost and with the guarantee that the company will never take legal action against them.
The Sender ID specification is now available to anybody wanting to use it under Microsofts OSP (Open Specification Promise), Microsoft said Oct. 23. The Redmond, Wash., software maker issued the promise on its Interoperability Web page Sept. 12, when it said it will not take legal action against developers or customers that use any of 35 Web services specifications.
"By putting Sender ID under the Open Specification Promise, our goal is to put [lingering questions about licensing terms] to rest and advance interoperable efforts for online safety worldwide," said Brian Arbogast, corporate vice president of Microsofts Windows Live Platform Development Group.
In 2005, The Apache Software Foundation said the licensing policies around Sender ID were not compatible with Apaches own policies, and the open-source organization decided not to implement Sender ID.
This Microsoft move is part of an ongoing effort to promote further industry interoperability among commercial software solutions and ISPs that use e-mail authentication, including open-source solutions.
Over the past four months, Microsoft has announced key interoperability initiatives focused on business and technical activities, including the establishment of an Interoperability Customer Executive Council, the Open XML Translator project, and the strategic relationship with XenSource to develop technology to provide interoperability between Xen-enabled Linux and Microsoft Windows Server virtualization.
Sender ID has been deployed worldwide to more than 600 million users over the past two years, and more than 36 percent of all legitimate e-mail sent worldwide uses Sender ID. About 5 million domains worldwide are protected by Sender ID, Arbogast said. One of the key goals behind the Sender ID protocol is to help stop the spread of online exploits in e-mail by helping address domain spoofing, a tactic used in more than 95 percent of all exploits where the name in the "To:" line of the e-mail is forged.
Keith McCall, chief technology officer and co-founder of Azaleos, also in Redmond, said that by adding Sender ID to OSP, Microsoft will drive further awareness of need for IT organizations to deploy infrastructure for e-mail authentication.
"In any implementation of security technology, though, its important to deliver multiple layers of protection. Spam-filtering companies like Cloudmark often add support for other protocols that can enable customers to use either Sender ID or an adjunct standard called DomainKeys/DKIM separately, or a combination of the two, for optimum protection," McCall said.
Research data from MarkMonitor, which was validated by Microsoft, on the DNS (Domain Name System) has found that there has been a threefold increase in Sender ID adoption among Fortune 500 companies to 24 percent in October 2006 from just 7 percent in July 2005.
The research also found that there are more than a dozen third-party solutions that support Sender ID, while adoption is growing among companies, including Barracuda Networks, Cloudmark, Iconix, IronPort Systems, SonicWall, Microsoft, Port25 Solutions, Sendmail, Message Systems and Symantec.
A number of networks that have implemented Sender ID were recently able to protect their users from the threat posed by a site that spoofed the release of Microsofts Internet Explorer 7 and directed consumers to a site loaded with Trojan downloader codes.
A Timeline for Microsoft Openness
* Sept. 12 Makes OSP; says it will not take legal action against anyone who uses any of 35 Web services specifications
* Oct. 17 Makes its Virtual Hard
Disk image format specification available under OSP
* Oct. 23 Makes Sender ID framework specification for e-mail authentication available to users at no cost
Source: eWEEK reporting
Peter Galli has been a financial/technology reporter for 12 years at leading publications in South Africa, the UK and the US. He has been Investment Editor of South Africa's Business Day Newspaper, the sister publication of the Financial Times of London.
He was also Group Financial Communications Manager for First National Bank, the second largest banking group in South Africa before moving on to become Executive News Editor of Business Report, the largest daily financial newspaper in South Africa, owned by the global Independent Newspapers group.
He was responsible for a national reporting team of 20 based in four bureaus. He also edited and contributed to its weekly technology page, and launched a financial and technology radio service supplying daily news bulletins to the national broadcaster, the South African Broadcasting Corporation, which were then distributed to some 50 radio stations across the country.
He was then transferred to San Francisco as Business Report's U.S. Correspondent to cover Silicon Valley, trade and finance between the US, Europe and emerging markets like South Africa. After serving that role for more than two years, he joined eWeek as a Senior Editor, covering software platforms in August 2000.
He has comprehensively covered Microsoft and its Windows and .Net platforms, as well as the many legal challenges it has faced. He has also focused on Sun Microsystems and its Solaris operating environment, Java and Unix offerings. He covers developments in the open source community, particularly around the Linux kernel and the effects it will have on the enterprise.
He has written extensively about new products for the Linux and Unix platforms, the development of open standards and critically looked at the potential Linux has to offer an alternative operating system and platform to Windows, .Net and Unix-based solutions like Solaris.
His interviews with senior industry executives include Microsoft CEO Steve Ballmer, Linus Torvalds, the original developer of the Linux operating system, Sun CEO Scot McNealy, and Bill Zeitler, a senior vice president at IBM.
For numerous examples of his writing you can search under his name at the eWEEK Website at www.eweek.com.