Hotmail Implements Sender ID To Thwart Spam

Putting its own anti-spam technology to work — and possibly hoping to highlight its effectiveness — Microsoft has begun to use Sender ID to divert questionable messages away from the e-mail inboxes of Hotmail account holders.

Microsoft has begun verifying e-mail origins with its Sender ID framework, a technology the company developed and hopes to see adopted as an industry-wide standard for authenticating messages.

Users of Hotmail, the free Web e-mail service offered through Microsoft’s MSN portal, are being alerted when messages sent to their addresses are diverted into their Junk Mail folder or being deleted entirely because Sender ID could not verify that a message was actually sent from the domain claimed in the “from” field and other parts of the message.

Concerns Expressed

Microsoft began notifying Internet service providers (ISPs) of the implementation this week.

The technology is being rolled out despite concerns from security experts and others, who believe that thousands of legitimate messages might be swept into “junk” mailboxes along with true spam. It’s also drawing criticism because it requires senders of messages to employ compatible technology, a move seen by some as a strong-arm tactic to boost Sender ID adoption in the face of considerable resistance.

In an interview on the Microsoft Web site, Craig Spiezle, a director in the Technology Care and Safety group at Microsoft, said the move would protect both consumers and legitimate online businesses from both commercial spam and more sinister unwanted messages, such as phishing attacks.

“Not only are consumers at risk of losing their privacy and financial assets, but legitimate businesses that have had their name and e-mail domains used in phishing schemes often are faced with damage to the reputation of and trust in the brand name they’ve worked so hard to establish,” Spiezle said. “It’s critically important that the industry and businesses work together to help protect people and organizations from these concerns and help restore confidence in electronic messaging and e-commerce.”

In order to ensure deliver of mail, senders have to publish so-called sender policy frameworks. Microsoft claims that around 1 million domains currently publish SPF records, which still leaves more than 70 million registered domains uncovered by the technology, though some analysts say as much as 30 percent of all e-mail carries Sender ID information.

Try and Try Again

Spiezle also described the Sender ID push as a “to action for domain holders and e-mail senders to publish their SPF records to help protect their brands and maximize the deliverability and reliability of their e-mail.”

Though designed to cut down on spam, the service could in fact force users to check their junk mailboxes more frequently to ensure that legitimate messages aren’t being sent there incorrectly.

Microsoft’s efforts to get Sender ID recognized as a worldwide standard for curbing spam have had mixed results, with some ISPs first adopting then later abandoning the technology. Some have cited the rise of alternatives, such as Yahoo’s DomainKeys approach and IBM’s Fair Use of Unsolicited Commercial E-mail, or FairUCE.

Last fall, the Internet Engineering Task Force dissolved a working group on Sender ID, saying it could not reach consensus on some key issues around implementation.

Whatever method emerges as the leader, Forrester Research analyst Jonathan Penn said the various validation technologies are seen as a key tool to fighting spam and have the power to tilt the battlefield in favor of consumers and legitimate businesses in a way that few other technological or legal approaches have.

“It’s traditionally been too easy for spammers to hide their identities,” Penn said.

Microsoft Reputation

That likely explains Microsoft’s eagerness to be at the forefront of the verification movement. Analysts noted that by requiring Sender ID to ensure delivery to its millions of users, Microsoft is leveraging the popularity of Hotmail to increase uptake of Sender ID.

Though some greet its efforts with skepticism given its spotty record on security issues, Microsoft has been at the forefront of anti-spam efforts in a number of ways, forging alliances with other Web service providers and leading the charge into court to sue spammers or help law enforcement bring criminal charges.

In fact, Yankee Group analyst Laura DiDio told the E-Commerce Times that if Sender ID had been put forth by another company with a different reputation or grew out of the open-source movement, the reception might have been much different.

“The presence of Microsoft creates a fear factor about ulterior motives among the rest of the tech community,” DiDio said. That’s especially true in times when open-source approaches are gaining increasing favor as a way of making disparate technologies work together.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

E-Commerce Times Channels