Ads are not an endorsement by the blog author.

AdamKB @ AOL.COM - Weblog

Public Journal
 Back to Journal Archives | Subscribe to Alerts Alerts Subscribe to Alerts | Feeds
< Sessions@AOL on F
Tuesday, October 19, 2004 AOL surveys onlin >
Monday, October 25, 2004
October 2004
10/25/04
AOL surveys online security, safety
10/25/04
AOL & Microsoft agree on SenderID plans
10/19/04
Sessions@AOL on Fuse TV
10/15/04
Solution for AOL & OS X FTP authentication problems (or: AdamKB writes an FTP FAQ)
10/8/04
AOL to release IE-based browser?
10/7/04
AOL's new advertising campaign
« October 2004 Archive
Monday, October 25, 2004

AOL & Microsoft agree on SenderID plans


I previously blogged about Microsoft's Sender ID proposal being soundly rejected by AOL and others.

Well, now they've revised their proposal...

http://aolsvc.news.aol.com/news/article.adp?id=20041025173109990043&cid=949

WASHINGTON, Oct 25 (Reuters) - Microsoft Corp. on Monday said it had revised its proposal to weed out "spam" e-mail to win over skeptical Internet engineers who have been reluctant to adopt technology owned by the dominant software company.

Microsoft officials said they have revised their SenderID protocol to work better with an existing standard and have narrowed their patent application to make sure it does not cover other proposals.

...

Microsoft in May combined its Sender ID proposal with another developed by entrepreneur Meng Wong and submitted them to the standards-setting Internet Engineering Task Force for approval.

But several key players said they would not use the standard because Microsoft holds patents on the underlying technology, even though Microsoft has said it will not charge for its use.

Ryan Hamlin, general manager of Microsoft's anti-spam group, said the patent was necessary to protect the company from frivolous lawsuits.

SenderID and Wong's Sender Policy Framework proposal work in slightly different ways. SPF checks the "bounce" address provided to return undeliverable mail, while SenderID looks at another address buried deeper within technical routing records.

Microsoft's approach is designed to help catch fraudulent "phishing" messages that disguise themselves as banks or other legitimate businesses in a bid to collect bank-account numbers and other sensitive information, Hamlin said.

"Now you have a framework that will encompass both of those checks together," said Carl Hutzler, AOL's director of anti- spam operations.

Microsoft said it had resubmitted SenderID to the IETF for approval.

...and AOL is back on board.

http://media.aoltimewarner.com/media/press_view.cfm?release_num=55254241

"Today is an important day in the joint, collaborative effort by antispam partners inthe online industry to test and develop email authentication technologies that help further address the ongoing spam menace.

"America Online is today announcing its support of the newly submitted version of an email authentication technology known as Sender ID and advanced by our key partner in the antispam crusade, Microsoft Corporation.

"This announcement is indicative of the evolutionary process that occurs in the email authentication debate, as specifications necessarily change and mature to include as many participants as possible. AOL has always indicated that flexibility is critical in the testing phase, so that opportunities might arise to allow email authentication technologies to be more inclusive, adaptable, and attractive to the broadest possible groups of participants.

...

"On September 15th, AOL announced that it would not move forward with the deployment of SenderID technology, because we had reservations at that time about the specific version that had been submitted. Namely, the fact that Sender ID at that time lacked 'backwards compatibility', which meant that all of the development work AOL and many others had put into the email authentication testing process would be cast aside by the new version of Sender ID.

"We relayed those concerns directly to Microsoft and others in the online industry - such as members of the Messaging Anti-Abuse Working Group (MAAWG) and Internet Engineering Task Force (IETF) community.

"Today, a new Sender ID version is being submitted to the IETF that we believe fully addresses and answers AOL's concerns, and those of many others in the online industry as well who shared those concerns.

"We welcome and applaud Microsoft for its efforts, and we continue to be encouraged by the way the online community has come together to help make online communications safer and more secure for the global Internet and for our members. The new Sender ID specification is, without a doubt, proof that the standards process can work well from a collaborative efforts standpoint. But more progress can be made, and much more work is to be done.

"Specifically, this now allows those of us who have been testing an email authentication technology known as SPF - or Sender Policy Framework - to be included in the Sender ID specification moving forward. This means that the over 100,000 domains publishing SPF v1 records - including AOL - will not need to change their DNS listings, and will have the option of checking the 821 Return-Path header as part of the Sender ID framework. This saves AOL and many others a great deal of time, resources, and development work.

"AOL is now participating in the testing of Sender ID by publishing our record in both SPF v1 and v2 formats. AOL will begin testing 822 FROM domains on our inbound system according to the Sender ID specification by the end of 2004. AOL plans to publish results of this testing to the internet community at large, at the appropriate time.

...

"AOL also looks forward to presenting these views and others at the Federal Trade Commission's (FTC) email authentication summit in November, along with our industry partners."

Nice to see the kiddies playing so well together. I'll check back in on them in November.



adamkb at 10:44:00 PM EDT Blog about this entry
This entry has 0 comments: (Add your own)