Microsoft Outlines Anti-Spam Technical Roadmap
- By Scott Bekker
- February 26, 2004
Microsoft this week unveiled its long-awaited technical roadmap for combating spam, which the company identifies as the top complaint of its e-mail customers.
Formally called the Coordinated Spam Reduction Initiative or CSRI, Microsoft's anti-spam proposal consists of three industry-wide steps:Development of an e-mail equivalent of Caller ID to make spoofing a less attractive method for spammers.
Creation of independent e-mail trust authorities (IETAs) that would certify and monitor legitimate high-volume e-mail senders. The IETAs would help set reasonable behavior policies and verify the identities of compliant senders through digital certificates or safe lists. The IETAs would charge high-volume e-mailers large fees for their services.
Creation of a less expensive alternative for low volume e-mailers than the independent e-mail trust authorities. An example of an alternative would be payment in computer cycles, through required tasks that expend a few seconds worth of compute cycles per message sent. Spending that kind of time per message would put high-volume spammers out of business, according to Microsoft.
Microsoft describes CSRI as a specification in the draft-for-comment stage and posted it online at www.microsoft.com/spam.
Already the company has very high hopes for CSRI. In announcing the initiative at the RSA Security Conference this week, Microsoft co-founder Bill Gates said, "We believe that Caller ID for e-mail and the Coordinated Spam Reduction Initiative will help change the economic model for sending spam and put spammers out of business."
Gates and other Microsoft officials gave the most attention to the Caller ID portion of the proposal. The idea, which Microsoft has been working on for about a year, would require three steps to work. First, all e-mail senders would publish the IP addresses of their outbound e-mail servers in the Domain Name System in a format described in the Caller ID for E-mail specification. Recipient e-mail systems would check each message to determine the purported responsible domain. Then the recipient systems would query the DNS to check the IP address of the message against registered outbound e-mail IP addresses for that domain.
Microsoft began a pilot implementation of Caller ID for E-mail in its Hotmail service this week. The pilot starts with Hotmail publishing outbound IP addresses. Microsoft's free e-mail service will begin checking inbound addresses early this summer.
A few major companies have signed on to test the Caller ID proposal -- Amazon, Brightmail and Sendmail.
The technical roadmap comes about a month after Gates told an audience at the Davos summit
that "in the next 12 to 18 months we can expect (spam) not to be a major problem as today."
Scott Bekker is editor in chief of Redmond Channel Partner magazine.