MARID Proposal Presses On

By Larry Seltzer  |  Posted 2004-08-02 Print this article Print

Analysis: The IETF standards effort to make Internet e-mail less spam-friendly is proceeding, but with no small measure of disagreement. The working group discussions have been contentious, but powerful players support the initiative.

For the past several months a standards group of the Internet Engineering Task Force named MTA Authorization Records in DNS, or MARID, has labored to form a proposed standard for SMTP authentication. That effort will move along one step this week at the 60th IETF meeting in San Diego.

Based originally on SPF (Sender Policy Framework), an effort driven by Meng Weng Wong, co-founder and CTO of, it has grown in scope to include many other functions, most controversially the authentication of mail header data. The result is a set of documents defining Sender ID, which the IETF will consider for advancement in the standards process.

Fed up with spam? Read eWEEK.coms special report
The aim of SMTP authentication is to impose some rules on an Internet e-mail system that heretofore, when an Internet e-mail message is sent purporting to come from a particular address, there is no verification process to confirm that it did come from that address. Spammers, phishers and virus authors know this full well and use the fact to disguise the source of their messages.

Sender ID does not pretend to be a full anti-spam solution, just a necessary part of one. Meng Wong describes a framework called Aspen under which spam is addressed by authentication, accreditation and reputation. Accreditation, according to Wong, "lets third parties vouch for senders with whom they have a prior relationship." Reputation is more of a ratings system for senders and accreditors. Many companies, including Brightmail (recently purchased by Symantec), have entered the reputation service business. Sender ID directly enables authentication and accreditation and touches on reputation. It is also backward-compatible with SPF.

SPF and almost all the many variants discussed in the working group set rules for the authorization to send mail by putting new records in the domains DNS (hence the name MARID). Understanding the specifications and the arguments between participants in the standards process often requires expert understanding of DNS jargon.

Next page: The Microsoft bogeyman.

Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel