Sender ID Finds New Life

A Canadian ISP is using Microsoft's Sender ID technology in its iPermitMail virtual e-mail firewall.

Internet Light and Power says it will become one of the first ISPs to deploy Microsoft Corp.s anticipated Sender ID technology in daily operations.

Sender ID will become part of the Toronto-based companys iPermitMail virtual e-mail firewall, which ILAP developed as a means of combating e-mail fraud.

According to ILAP President Tristan Goguen, the product is already quite effective against spam, but it still has problems with fraudulent e-mail addresses; he expects Sender ID to solve those problems. iPermitMail is in use at a number of other ISPs and enterprises throughout the world in addition to ILAP, Goguen said.

With Sender ID, "businesses no longer have to worry about their trademarks being compromised, and recipients can have confidence that their mail isnt fraudulent," Goguen said. He said that his company plans to layer Sender ID on top of iPermitMail to assure its users that that their mail will be essentially free of fraudulent e-mail, phishing scams and spam.

"The objective," Goguen said, "is to solve the spam problem."

Solving the spam problem is also Microsofts goal, according to company spokesman Sean Sundwall. He said the companys Sender ID technology is moving ahead as planned. While its not widely adopted as yet, its growing, and he said that there are already "a handful" of ISPs and companies that have asked for licenses.

The pace should pick up soon, Sundwall said. The Redmond, Wash., company is working on the document that defines Sender ID to refine the changes that came out of the MARID group. Once thats done—probably next week—Sundwall said that the next hurdle is the Federal Trade Commission meeting on Nov. 9. Once that happens, he said, he expects interest to pick up significantly.

/zimages/2/28571.gifSender ID will soon be history, Security Center Editor Larry Seltzer writes. Click here to read more.

Sender ID as its currently defined can use one of two methods of authentication, either the open-source SRA or Microsofts PRA (purported reply address), which compares the origination IP address in the mail header with the reply address in the header. Sundwall said that only recipients using PRA will be asked to license Microsofts technology, and then only if the patent thats currently pending is actually granted. Sundwall said he expects many if not most companies to use both methods of authentication.

Sender ID is an important solution to phishing and spam, according to Sundwall, and thats exactly how ILAP plans to use it. "Were encouraging everyone to publish SPF records," Goguen said. Right now, he said, only about 5 percent of the mail his company receives contains SPF records, but he expects that number to grow rapidly as Sender ID is accepted over time.

Sundwall apparently hopes events move more quickly. "We have to stop the bleeding," Sundwall said, "and Sender ID is a good tourniquet."

/zimages/2/28571.gifCheck out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.


Be sure to add our Security news feed to your RSS newsreader or My Yahoo page

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...