Microsoft Corp. has submitted a draft technical specification of the e-mail authentication system Sender ID to the Internet Engineering Task Force (IETF) for consideration as an industry-wide standard, the Redmond, Washington software company announced this week.
Sender ID combines Microsoft's Caller ID for E-mail (which was submitted to the IETF for consideration in May) with Sender Policy Framework (SPF). SPF, also known as Sender Policy Framework, was authored by Meng Weng Wong, the cofounder and chief technology officer at Pobox.com, a provider of subscription-based e-mail forwarding and mailing list services. Meng submitted SPF to the IETF in February.
Sender ID maintains lists of IP (Internet Protocol) addresses from which sent e-mail can be traced, and if adopted as a standard, could provide a way to close loopholes that allow e-mail senders to spoof or fake the origin of their message. The unified specification, which was the result of discussions between Microsoft and Meng that lasted from January to May, is aimed at simplifying industry adoption of effective e-mail authentication technology, Microsoft said in a statement Wednesday.
The IETF is also considering another mail authentication submission from Yahoo Inc., called DomainKeys. DomainKeys works differently from Sender ID by using encryption to generate a signature based on the e-mail message text that is placed in the message header.
IETF is a large open international community of network designers, operators, vendors and researchers whose work is carried out in working groups that operate mainly through mailing lists. The IETF holds three meetings a year, with the next one scheduled to take place Aug. 1 to Aug. 6 in San Diego.
The push for an e-mail authentication standard has recently been gaining more attention. On Tuesday, the Anti-Spam Technical Alliance's (ASTA), whose members include such high profile e-mail providers as Yahoo, Microsoft, America Online Inc. and EarthLink Inc., released its recommendations for stemming the tide of spam, or unsolicited commercial e-mail.