Spam Battle Moving to Authentication

New tools from Microsoft, Yahoo and others look to block unwanted e-mails at the gateway.

Enterprises will be getting new tools to combat the intractable spam problem as e-mail server software developers and third-party software tools embrace efforts to authenticate e-mail senders at the gateway to block both spam and viruses.

Microsoft Corp. made a number of announcements surrounding spam-blocking technologies for its Exchange messaging server at its TechEd conference in San Diego this week.

Service Pack 1 for Exchange 2003 contains the Microsoft Exchange Intelligent Message Filter (IMF)—which uses the SmartScreen heuristics-based content-filtering technology deployed at Microsofts MSN and Hotmail services—as another tool to screen out spam messages based on content.

But perhaps more importantly, Microsoft announced at the show that its Caller ID for E-mail proposal will be merged with the vendor-independent Sender Policy Framework (SPF) specification.

Both efforts are designed to make improvements in SMTP to prevent spammers from "spoofing," or forging legitimate e-mail addresses as the return addresses of their messages.

The merged specification will likely be published and submitted to the Internet Engineering Task Force by June and then included in Exchange Edge Services—an enhancement to the SMTP relay in Exchange Server that is planned for release next year.

Another technology to improve SMTP authentication, Yahoo Inc.s DomainKeys, may also join the effort at some point.

Meng Weng Wong, chief technology officer of e-mail forwarding service and leader of the group behind SPF, said DomainKeys needs more infrastructure upgrades before it can join the SPF/Caller ID effort.

"We dont want to bite off more than we can chew at this point," he said in Philadelphia. "I am working with Yahoo to define a DomainKeys directive inside the SPF language, though, which will help them a lot when theyre more ready to deploy."

Yahoo officials did not respond to requests for comment.

IBMs Lotus Software division, one of the top two developers of corporate e-mail software along with Microsoft, said it applauds the Caller ID/SPF union and plans to lend its support to the effort.

"We had urged the Caller ID and SPF people to merge their efforts," said Michael Shamrell, spokesman for the Lotus division. "Theres no reason we wont support the merged spec as soon as it stabilizes. It seems to have the backing of our development teams."

Next Page: Safelists based on IP address and presolved puzzle validity.