News

Microsoft Outlines Anti-Spam Technical Roadmap

Microsoft this week unveiled its long-awaited technical roadmap for combating spam, which the company identifies as the top complaint of its e-mail customers.

Formally called the Coordinated Spam Reduction Initiative or CSRI, Microsoft's anti-spam proposal consists of three industry-wide steps:

  • Development of an e-mail equivalent of Caller ID to make spoofing a less attractive method for spammers.
  • Creation of independent e-mail trust authorities (IETAs) that would certify and monitor legitimate high-volume e-mail senders. The IETAs would help set reasonable behavior policies and verify the identities of compliant senders through digital certificates or safe lists. The IETAs would charge high-volume e-mailers large fees for their services.
  • Creation of a less expensive alternative for low volume e-mailers than the independent e-mail trust authorities. An example of an alternative would be payment in computer cycles, through required tasks that expend a few seconds worth of compute cycles per message sent. Spending that kind of time per message would put high-volume spammers out of business, according to Microsoft.

    Microsoft describes CSRI as a specification in the draft-for-comment stage and posted it online at www.microsoft.com/spam.

    Already the company has very high hopes for CSRI. In announcing the initiative at the RSA Security Conference this week, Microsoft co-founder Bill Gates said, "We believe that Caller ID for e-mail and the Coordinated Spam Reduction Initiative will help change the economic model for sending spam and put spammers out of business."

    Gates and other Microsoft officials gave the most attention to the Caller ID portion of the proposal. The idea, which Microsoft has been working on for about a year, would require three steps to work. First, all e-mail senders would publish the IP addresses of their outbound e-mail servers in the Domain Name System in a format described in the Caller ID for E-mail specification. Recipient e-mail systems would check each message to determine the purported responsible domain. Then the recipient systems would query the DNS to check the IP address of the message against registered outbound e-mail IP addresses for that domain.

    Microsoft began a pilot implementation of Caller ID for E-mail in its Hotmail service this week. The pilot starts with Hotmail publishing outbound IP addresses. Microsoft's free e-mail service will begin checking inbound addresses early this summer.

    A few major companies have signed on to test the Caller ID proposal -- Amazon, Brightmail and Sendmail.

    The technical roadmap comes about a month after Gates told an audience at the Davos summit that "in the next 12 to 18 months we can expect (spam) not to be a major problem as today."

  • About the Author

    Scott Bekker is editor in chief of Redmond Channel Partner magazine.

    Featured

    • Microsoft Appoints Althoff as New CEO for Commercial Business

      Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

    • Broadcom Revamps VMware Partner Program Again

      Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

    • Closeup of the new Copilot keyboard key

      Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

      Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

    • Windows 365 Cloud Apps Now Available for Public Preview

      Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.