Sender ID Stirs Internet ControversyBy Jacqueline Emigh | Posted 2004-07-30 Email Print
ISPs expect the Sender ID anti-spam protocol to become important, but they also point out that other standards can deliver the same results without patent entailments.
The Sender ID anti-spam protocol is stirring up commotion in the Internet channel. Some ISPs and Web hosters are in favor of Sender ID, which is aimed at thwarting e-mail spoofing. Others, especially in the Linux community, loudly oppose the Microsoft-backed approach. Yet regardless of their views on Sender ID, people agree on one thing. They're heartily sick of spam.
"We're spending a lot of time on spam, and it's costing us money. Online marketing is a good concept, but way too many people are abusing it," said Ed Kundahl, president of Haven Internet Services Inc., an ISP in Allentown, Pa., with customers ranging from home-based businesses to multimillion-dollar manufacturers.
The emerging Sender ID technology combines Microsoft's former Caller ID with SPF (Sender Policy Framework), a protocol written by Meng Weng Wong and previously espoused by ISPs such as AOL, Yahoo and British Telecom. In June, Microsoft submitted Sender ID to the IETF (Internet Engineering Task Force) for consideration as an industry standard.
"Until technology such as SPF or Sender ID is widely adopted, you can call yourself 'Barney the purple dinosaur' if you want, and still be able to send an e-mail that way," said Randy Ambrecht, who heads up Global Web Solutions Inc.
In the meantime, Global Web Solutions is taking its own steps. Along with about 1,500 ISPs, and 4,000 organizations overall, it is already implementing SPF through software from Computerized Horizons LLC's Declude.
Computerized Horizons' Declude anti-spam line is available as a standalone server product or with Ipswitch Inc.'s iMail mail servers. They ship with a minimalized version of Declude's product, according to Barry Simpson, Declude's president and CEO.
Despite SPF's growing popularity, some people predict that Sender ID still will gain market share. "Even if standardization doesn't happen through the IETF for some reason, Sender ID is likely to become a de facto standard," predicted Scott Anderson, chief software architect at Declude.
Sender ID requires DNS records to be published by outbound mail servers. Messages from Caller ID domains can then be checked in the DNS record to see whether they match the "from" field in the message header.
By Oct. 1, Microsoft plans to start using Sender ID to verify messages sent to MSN, Hotmail and Microsoft.com accounts.
Some ISPs now believe that Sender ID will come to pass. "MSN, AOL and Yahoo kind of lead the way. Where one goes, the others will follow," according to Kundahl.
Meanwhile, Internet newsgroups are filled with complaints that Microsoft still holds patents related to Caller ID. On its Web site, Microsoft indicates that it's requiring software developers implementing Sender ID to take out a free license. But Microsoft also notes that "a license agreement is not required for individuals, companies or ISPs who only wish to publish their Sender ID records."
"Caller ID probably has less chance of success than SPF, because a lot of people out there don't want to feel beholden to Microsoft in any way," said Russell Miller, president of Duskglow Consulting LLC, a Linux consultancy in Le Mars, Iowa.
So, Miller has decided to start implementing SPF. Miller has already added SPF records to his DNS server. Next, he plans to add SPF to his Sendmail server. "I'm not going to block any e-mail," he said. Conversely, the consultant will configure his spam filter to give greater scrutiny to mail that can't be verified through SPF.
"SPF is only really going to work if it's adopted by the majority of domains. Until then, though, using SPF certainly won't hurt. In fact, it might even help a little," Miller said. "By using the SPF records, for example, I'm ensuring that spam won't be delivered to hosts that check those records, and that I won't get the bounces."
But others doubt whether Sender ID or any other anti-spam remedy can be effective for very long, anyway. "It's a cat-and-mouse game. You're always going to have spam. Whenever something new comes out, somebody always figures out a way to get around it," said a tech service rep at ISP West, in North Hills, Calif. The service rep asked to be identified only as "Gary."
Even Sender ID advocates admit that even if it does gain wide adoption, Sender ID won't be enough to squelch spam in and of itself. "Sender ID is only part of the solution to spam, but it's an important part," Simpson said. "It will make life more difficult for spammers by forcing them to go out and get domains."