- The Washington Times - Tuesday, May 25, 2004

Spam-fighting experts and Internet providers are moving quickly toward implementing a way to make it harder for spammers to hide their identities.

Microsoft Corp. said yesterday that it will merge its “Caller ID for E-mail” system with a similar framework developed by Philadelphia e-mail guru Meng Weng Wong.

The partnership of Caller ID with Mr. Wong’s Sender Policy Framework (SPF) is viewed as a major step in the effort to restore trust in e-mail, which has become overrun with spammers and scam artists who send millions of fraudulent messages each day. Implementation of the combined system could begin by the end of the year.

“We’re trying to end fraud and forgery in e-mail,” said Mr. Wong, founder of PoBox.com, an e-mail service based in Philadelphia. “It’s not going to eliminate spam, but it can give us the tools to stop spam.”

Using slightly different methods, the Caller ID and SPF systems protect against “spoofing,” or the use of forged e-mail addresses, one of the most common tricks used by spammers to remain untraceable. Scam artists have also used spoofing methods to commit identity theft through e-mail designed to look like it came from legitimate companies such as EBay, PayPal or Citibank.

Under the combined system, companies will be asked to publish information about their outgoing e-mail servers, such as Internet protocol addresses. That information can then be matched up with information embedded in the e-mail. Messages that do not match up with the published information can be automatically blocked by spam filters.

A full outline of the combined plan could be available within one month, and Internet and e-mail providers could begin using the system within six months, according to Mr. Wong and George Webb, Microsoft’s business manager for antispam technology and strategy.

“We both believe it’s important to have a single industry standard,” Mr. Webb said.

Spam-deterrence experts said Redmond, Wash.-based Microsoft, the world’s largest software company, showed surprising restraint by agreeing to merge Caller ID with SPF, because the company could have simply promoted its own system. In the end, Microsoft realized that the two systems working together would be more effective in stopping fraud and spam.

“This does seem to be a straightforward merger of the two,” said Andrew Newton, a member of the Internet Engineering Task Force, who has analyzed both proposals extensively. “[Microsoft] has been very willing to work with the community.”

Spam opponents said the combined Caller ID and SPF system will most likely be joined with more-complicated systems still under development.

Internet portal Yahoo is working to implement a system known as DomainKeys, which uses a process known as cryptography to authenticate not only the addresses of e-mail messages, but their content. Analysts said it is a more robust system that will take longer to develop, but that it could eventually prove more effective than Caller ID and SPF in preventing spam and fraudulent e-mail. All three proposals can work in unison, if necessary.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide