Microsoft has released its Sender ID framework for email under the Open Specification Promise (OSP), thereby making it freely available to anyone who wants to use it to improve their email security.
Sender ID is an anti-spam technology born out of the Internet Engineering Task Force (IETF), which Microsoft participated in and holds a number of patents. Up until the OSP release, those patents made the Microsoft (Quote) implementation of Sender ID incompatible with more relaxed, open licenses, such as the GNU General Public License.
Microsoft's Open Specification Promise is essentially its own GPL. It's an irrevocable promise to every individual in the world that they can make use of the technology easily and for free.
The company introduced its implementation of Sender ID two years ago and now says 36 percent of all legitimate email sent worldwide is using Sender ID, with an estimated five million domains worldwide protected by Sender ID.
There are three basic features to Microsoft's Sender ID framework, according to John Scarrow, general manager of the Technology Care and Safety Group at Microsoft.First is the ability to assign senders to IP addresses. For example, a bank can identify its official email servers by IP address, and receiving email servers can validate against that list. Therefore, someone attempting to spoof (define) a bank would be rejected because the mail servers don't recognize their IP address as legitimate.
Building on this, it reduces spam considerably since so much spam is spoofed. Scarrow said spoofing legitimate brand names improves the chances people will actually read the spam letter.
Lastly, it allows for a reputation to be associated with a sending domain. An ISP can decide to allow all emails from a domain because of its excellent record and reputation and it can block a domain from sending any emails if it gets a reputation for producing lots of spam.
With 36 percent penetration, Microsoft's Sender ID has a way to go, and Scarrow thinks the OSP promise will do the trick. "The big holdouts aren't so big," he said. "The email tail on sending domains is very large, and often the holdup is just a matter of education."
OSP removes legal concerns, which should help it penetrate the "tail" of email providers and servers quite a bit quicker as well, he said.
The biggest challenge for organizations to set up Sender ID is identifying all of the IP addresses that are sending email today. Once that's done, publishing the list takes five minutes, said Scarrow.