Microsoft Opens Access to Its Sender ID Spec

 
 
By Peter Galli  |  Posted 2006-10-23 Email Print this article Print
 
 
 
 
 
 
 

The specification will now be available to anybody wanting to use it under Microsoft's Open Specification Promise.

Microsoft has made the Sender ID framework specification for e-mail authentication available to users at no cost and with the guarantee that it will never take legal action against them. The Sender ID specification will now be available to anybody wanting to use it under Microsofts Open Specification Promise.
The Redmond, Wash.-based software maker issued the promise on its Interoperability Web page Sept. 12, when the company promised not to take any legal action against developers or customers who use any of 35 Web Service specifications.
"There have been lingering questions from some members of the development community about the licensing terms from Microsoft and how those terms may affect their ability to implement Sender ID," said Brian Arbogast, the corporate vice president of Microsofts Windows Live Platform Development Group. "By putting Sender ID under the Open Specification Promise, our goal is to put those questions to rest and advance interoperable efforts for online safety worldwide," he added. In 2005 the Apache Software Foundation said that the licensing policies around Sender ID were not compatible with Apaches own policies, and the open-source organization decided not to implement Sender ID.
This latest Microsoft move is part of an ongoing effort to promote further industry interoperability among commercial software solutions and ISPs that utilized e-mail authentication, including open-source solutions. "Users will now be able to implement, commercialize and modify this patented e-mail authentication technology without having to sign a licensing agreement," Arbogast said. Over the past four months Microsoft has announced a number of key interoperability activities focused on business and technical activities, including the establishment of an Interoperability Customer Executive Council, the Open XML Translator Project, and the strategic relationship with XenSource for the development of technology to provide interoperability between Xen-enabled Linux and Windows Server virtualization. Sender ID has been deployed worldwide to more than 600 million users over the past two years, and more than 36 percent of all legitimate e-mail sent worldwide uses Sender ID. An estimated 5 million domains worldwide are also protected by Sender ID, Arbogast said. One of the primary goals behind the Sender ID protocol is to try and help stop the spread of spam, phishing scams, malware and other online exploits in e-mail by helping address domain spoofing, a tactic used in over 95 percent of all exploits where the name in the "To:" line of the e-mail is forged. Keith McCall, the CTO and co-founder of Azaleos, told eWEEK on Oct. 23 that by adding Sender ID to the Open Specification Promise, Microsoft will drive further awareness of the need for IT organizations to deploy infrastructure for e-mail authentication. "In any implementation of security technology, though, its important to deliver multiple layers of protection. Spam-filtering companies like Cloudmark often add support for other protocols that can enable customers to use either Sender ID or an adjunct standard called DomainKeys/DKIM separately, or a combination of the two, for optimum protection," he said. Research data from MarkMonitor, which was validated by Microsoft, on the DNS (Domain Name System) has found that there has been a threefold increase in Sender ID adoption among Fortune 500 companies to 24 percent today from just 7 percent in July 2005. It also found that there are currently more than a dozen third-party solutions that support Sender ID, while adoption is growing among companies, including Barracuda Networks, Cloudmark, Iconix, IronPort Systems, SonicWall Microsoft, Port25 Solutions, Sendmail, MessageSystems, Symantec and Tumbleweed Communications. Is e-mail authentication back on the radar? Click here to read more. A number of networks that have implemented Sender ID, including Windows LiveMail, were recently able to protect their users from the threat posed by a site that spoofed the release of Internet Explorer 7 and directed consumers to a site loaded with Trojan downloader codes. Traffic to the Web site was being driven by a spoofed e-mail message claiming to be from support@microsoft.com. "This is an example of the deception and forgery Sender ID protects against, and highlights the importance of implementing Sender ID to protecting users and business from day zero and malicious e-mail exploits," Arbogast said. This latest Microsoft move has been welcomed by other players in the e-mail space. "By making Sender ID available under the OSP, Microsoft is addressing the interoperability needs of heterogeneous e-mail infrastructures. Were pleased to see this development and believe its a positive step in the fight against spoofing, phishing and other categories of unwanted messaging," said Eric Allman, the chief science officer at Sendmail. Click here to read more about how Microsoft removed the obstacle to the adoption of its VHD specification. Patrick Peterson, the vice president of technology at IronPort Systems, said he hopes that having the Sender ID specification under the OSP will result in widespread adoption across the industry. Check out eWEEK.coms for Microsoft and Windows news, views and analysis.
 
 
 
 
Peter Galli has been a financial/technology reporter for 12 years at leading publications in South Africa, the UK and the US. He has been Investment Editor of South Africa's Business Day Newspaper, the sister publication of the Financial Times of London.

He was also Group Financial Communications Manager for First National Bank, the second largest banking group in South Africa before moving on to become Executive News Editor of Business Report, the largest daily financial newspaper in South Africa, owned by the global Independent Newspapers group.

He was responsible for a national reporting team of 20 based in four bureaus. He also edited and contributed to its weekly technology page, and launched a financial and technology radio service supplying daily news bulletins to the national broadcaster, the South African Broadcasting Corporation, which were then distributed to some 50 radio stations across the country.

He was then transferred to San Francisco as Business Report's U.S. Correspondent to cover Silicon Valley, trade and finance between the US, Europe and emerging markets like South Africa. After serving that role for more than two years, he joined eWeek as a Senior Editor, covering software platforms in August 2000.

He has comprehensively covered Microsoft and its Windows and .Net platforms, as well as the many legal challenges it has faced. He has also focused on Sun Microsystems and its Solaris operating environment, Java and Unix offerings. He covers developments in the open source community, particularly around the Linux kernel and the effects it will have on the enterprise.

He has written extensively about new products for the Linux and Unix platforms, the development of open standards and critically looked at the potential Linux has to offer an alternative operating system and platform to Windows, .Net and Unix-based solutions like Solaris.

His interviews with senior industry executives include Microsoft CEO Steve Ballmer, Linus Torvalds, the original developer of the Linux operating system, Sun CEO Scot McNealy, and Bill Zeitler, a senior vice president at IBM.

For numerous examples of his writing you can search under his name at the eWEEK Website at www.eweek.com.

 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel