Microsoft Caller-ID (AKA son of SPF)

[Dave Farber <dave () farber net>]

Delivered-To: dfarber+ () ux13 sp cs cmu edu
Date: Wed, 25 Feb 2004 13:51:06 +1000
From: Ian Peter <ian.peter () ianpeter com>
Subject: Microsoft Caller-ID (AKA son of SPF)
To: dave () farber net

Dave, in case no-one else has noticed this -

To Microsoft's credit they acknowledge the origins of their Caller-ID
proposal in SPF (previously talked about on this list) and LMAP, which
came from IETF's Anti_Spam Research Group. Detailed documentation is
available from
http://www.microsoft.com/mscorp/twc/privacy/spam_callerid.mspx.


The test over the next few weeks will be the extent to which the
AOL/SPF, Microsoft/Sendmail/Caller-ID and IETF/LMAP proposals can work
with each other.


Ian Peter
Ian Peter and Associates Pty Ltd
P.O. Box 10670 Adelaide St
Brisbane 4000 Australia
Tel 61 7 3870 1181
Mobile 0419 667772

http://www.microsoft.com/presspass/press/2004/feb04/02-24RSAAntiSpamTech
VisionPR.asp


(reproduced in part)

Bill Gates Outlines Technology Vision to Help Stop Spam

Microsoft Outlines Policy and Technical Proposals Aimed at Helping
Contain The Spam Problem, Including the Development of Caller ID for
E-Mail

SAN FRANCISCO -- Feb. 24, 2004 -- In his keynote address at the RSA
Conference 2004 today, Microsoft Corp. Chairman and Chief Software
Architect Bill Gates announced a detailed vision and proposals on how
technology can be used to help put an end to spam, including outlining
the company's Coordinated Spam Reduction Initiative (CSRI) and technical
specifications for the establishment of Caller ID for E-Mail.

"Spam is our e-mail customers' No. 1 complaint today, and Microsoft is
innovating on many different fronts to eradicate it," Gates said. "We
believe that Caller ID for E-Mail and the Coordinated Spam Reduction
Initiative will help change the economic model for sending spam and put
spammers out of business."

To be more effective in the fight against junk e-mail, filters need
additional information that is not available in e-mail messages today.
Microsoft believes some relatively simple but systemwide changes to the
e-mail infrastructure are needed to provide greater certainty about the
origin of an e-mail message and to enable legitimate senders to more
clearly distinguish themselves from spammers.

CSRI is Microsoft's long-range industry plan for dramatically reducing
spam through technology. It is based on three proposals to better enable
effective filtering:

Establish a verifiable identity in e-mail through a caller-ID approach
Enable high-volume e-mail senders to demonstrate their compliance with
reasonable e-mail policies

Create viable alternatives for smaller-scale e-mail senders to
distinguish themselves from spammers

Caller ID for E-Mail

Existing spam filters look at an e-mail message's origin to determine
whether it is spam. However, there is currently no guarantee that an
e-mail message came from whom it says it did. "Spoofing," or sending
e-mail purporting to be from someone it's not, is an increasingly common
and relatively simple way for spammers to trick filters. In addition,
this practice can pose a security risk when used to deliver e-mail
viruses.
Microsoft has developed the Caller ID for E-Mail proposal to help
eliminate domain spoofing and increase the effectiveness of spam filters
by verifying what domain a message came from -- much like how caller ID
for telephones shows the phone number of the person calling. The
proposal involves three steps to authenticate a sender:

E-mail senders, large or small, publish the Internet protocol (IP)
addresses of their outbound e-mail servers in the Domain Name System
(DNS) in a format described in the Caller ID for E-Mail specification.
Recipient e-mail systems examine each message to determine the purported
responsible domain (i.e., the Internet domain that purports to have sent
the message).

Recipient e-mail systems query the DNS for the list of outbound e-mail
server IP addresses of the purported responsible domain. They then check
whether the IP address from which the message was received is on that
list. If no match is found, the message has most likely been spoofed.

Microsoft is moving ahead with plans for a pilot implementation of
Caller ID for E-Mail in its HotmailR service. Hotmail will begin
publishing outbound IP addresses today and will begin checking inbound
addresses early this summer. In addition, the company continues to work
with others in the industry to test this proposal, including Amazon.com
Inc., Brightmail Inc. and Sendmail Inc.

"Amazon.com is working aggressively to combat spoofing on several
fronts, and we are committed to collaborating with others in the
industry to find effective solutions for the problem of spam," said
Larry Hughes Jr., senior manager for IT Security at Amazon.com. "We look
forward to working with Microsoft and others in the industry to test
their proposals."

"Most spammers disguise the source of their e-mail to evade spam filters
and detection," said Enrique Salem, CEO and president of Brightmail, a
leading provider of anti-spam technology. "We are excited to join
Microsoft in testing this new Caller ID for E-Mail technology to help
promote the establishment of verifiable identity in e-mail. We believe
that by combining verifiable identity with our Reputation Service, we
will improve our best-of-breed anti-spam technology to help legitimate
e-mail get delivered while helping keep spam out of users' inboxes."

"Authenticated sender technologies like Microsoft's caller ID are
essential to help address fraud and spam in Internet e-mail," said Eric
Allman, CTO at Sendmail. "The key to ensuring that these types of
technologies are successful is widespread adoption. Sendmail's millions
of users -- including more than 70 percent of the Fortune 1000 --
substantially increase the deployment of such technologies. We are
excited to work with Microsoft in promoting the acceptance of caller ID
as an open standard on the Internet."

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/