Sender ID Finds New Life

By Wayne Rash  |  Posted 2004-10-15 Print this article Print

A Canadian ISP is using Microsoft's Sender ID technology in its iPermitMail virtual e-mail firewall.

Internet Light and Power says it will become one of the first ISPs to deploy Microsoft Corp.s anticipated Sender ID technology in daily operations. Sender ID will become part of the Toronto-based companys iPermitMail virtual e-mail firewall, which ILAP developed as a means of combating e-mail fraud. According to ILAP President Tristan Goguen, the product is already quite effective against spam, but it still has problems with fraudulent e-mail addresses; he expects Sender ID to solve those problems. iPermitMail is in use at a number of other ISPs and enterprises throughout the world in addition to ILAP, Goguen said.
With Sender ID, "businesses no longer have to worry about their trademarks being compromised, and recipients can have confidence that their mail isnt fraudulent," Goguen said. He said that his company plans to layer Sender ID on top of iPermitMail to assure its users that that their mail will be essentially free of fraudulent e-mail, phishing scams and spam.
"The objective," Goguen said, "is to solve the spam problem." Solving the spam problem is also Microsofts goal, according to company spokesman Sean Sundwall. He said the companys Sender ID technology is moving ahead as planned. While its not widely adopted as yet, its growing, and he said that there are already "a handful" of ISPs and companies that have asked for licenses. The pace should pick up soon, Sundwall said. The Redmond, Wash., company is working on the document that defines Sender ID to refine the changes that came out of the MARID group. Once thats done—probably next week—Sundwall said that the next hurdle is the Federal Trade Commission meeting on Nov. 9. Once that happens, he said, he expects interest to pick up significantly. Sender ID will soon be history, Security Center Editor Larry Seltzer writes. Click here to read more. Sender ID as its currently defined can use one of two methods of authentication, either the open-source SRA or Microsofts PRA (purported reply address), which compares the origination IP address in the mail header with the reply address in the header. Sundwall said that only recipients using PRA will be asked to license Microsofts technology, and then only if the patent thats currently pending is actually granted. Sundwall said he expects many if not most companies to use both methods of authentication. Sender ID is an important solution to phishing and spam, according to Sundwall, and thats exactly how ILAP plans to use it. "Were encouraging everyone to publish SPF records," Goguen said. Right now, he said, only about 5 percent of the mail his company receives contains SPF records, but he expects that number to grow rapidly as Sender ID is accepted over time. Sundwall apparently hopes events move more quickly. "We have to stop the bleeding," Sundwall said, "and Sender ID is a good tourniquet." Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.

Be sure to add our Security news feed to your RSS newsreader or My Yahoo page

Wayne Rash Wayne Rash is a Senior Analyst for eWEEK Labs and runs the magazine's Washington Bureau. Prior to joining eWEEK as a Senior Writer on wireless technology, he was a Senior Contributing Editor and previously a Senior Analyst in the InfoWorld Test Center. He was also a reviewer for Federal Computer Week and Information Security Magazine. Previously, he ran the reviews and events departments at CMP's InternetWeek.

He is a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine. He is a regular contributor to Plane & Pilot Magazine and The Washington Post.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel