October 23, 2006

Microsoft opens up e-mail technology to fight spammers!!

When the predecessor to the Internet, the ARPANET, was being demonstrated to the public in 1972, it was considered to be a tool of interest mostly to scientists and researchers who wanted to collaborate on data. Only a year later, ARPA staff discovered that over three-quarters of network traffic was taken up by e-mail messages, an application that was not even thought of when the network was originally designed. E-mail quickly became the killer app of the Internet, and it didn't take long after that before spam became the number one aggravation of using e-mail. Now, Microsoft is proposing to help clean up the morass that e-mail has become, by announcing that they are opening up their specifications for their Sender ID e-mail framework under the Open Specification Promise (OSP). The move will make it possible for anyone to build e-mail systems that use Sender ID without a license, with an irrevocable promise under the OSP that Microsoft will not sue the implementer for any patent violations.

Sender ID has had a long and relatively inglorious history. In 2004, Bill Gates famously predicted that, thanks to Sender ID, spam would be "wiped out" by 2006. Of course, this miracle failed to happen, not just because the technology wasn't perfect (it wasn't) but because the vast bulk of companies managing the Internet backbone refused to adopt the technology due to concerns over patent licensing. Without such support, Sender ID died on the vine, and wasn't heard from again until two years later. Microsoft claimed that the technology had proven itself in helping curb spam on their Hotmail service, and that adoption among Fortune 500 companies had tripled over the last year.

So what does Sender ID do exactly? Put simply, it attempts to authenticate the sender's message as originating from the same address it is pretending to come from. It checks the claimed domain name (such as bankofamerica.com) against a list of IP addresses from high-level domain name servers. If the IP address from the e-mail does not match, the message is rejected as spam. Sender ID is not the only such method available for authentication—open-source solutions such as Sender Policy Framework (SPF) and Certified Server Validation (CSV) perform similar tasks—but Microsoft claims that its technology is better at capturing spam and especially good at defeating phishing scams.
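The check described above can be sketched as follows. This is an added example, not code from Microsoft or from any Sender ID or SPF implementation: the domains, records and the `check_sender` function are constructed for illustration, and only the `ip4`, `ip6` and `all` mechanisms are evaluated.

```python
import ipaddress

# Constructed sample policies keyed by domain. A real receiver would fetch
# these as DNS TXT records published by the domain owner.
PUBLISHED = {
    "bank.example": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "shop.example": "spf2.0/pra ip4:198.51.100.25 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_sender(domain, client_ip, records=PUBLISHED):
    """Evaluate the policy of the claimed domain against the connecting IP."""
    record = records.get(domain)
    if record is None:
        return "none"  # no published policy, so nothing can be asserted
    version, *terms = record.split()
    if version != "v=spf1" and not version.startswith("spf2.0/"):
        return "none"  # not an SPF or Sender ID record
    ip = ipaddress.ip_address(client_ip)
    for term in terms:  # mechanisms are evaluated left to right
        qualifier = "+"  # a mechanism without a prefix means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]  # catch-all for unlisted senders
        if name.lower() not in ("ip4", "ip6"):
            return "unsupported"  # include/a/mx need DNS lookups, not modelled here
        try:
            network = ipaddress.ip_network(value, strict=False)
        except ValueError:
            return "permerror"  # malformed address range in the record
        if ip.version == network.version and ip in network:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term


if __name__ == "__main__":
    for dom, addr in [("bank.example", "192.0.2.10"),
                      ("bank.example", "203.0.113.9"),
                      ("shop.example", "198.51.100.26")]:
        print(dom, addr, check_sender(dom, addr))
```

A receiver that rejects on `fail` but only scores or tags on `softfail` avoids dropping legitimate mail from domains whose published address list is incomplete.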

Will the release of Sender ID under the OSP help its adoption in an open-source world that tends to distrust Microsoft technologies? It might. Companies such as Red Hat have already lauded Microsoft for releasing other protocols, such as the Virtual PC Hard Disk (VHD) format, under the OSP umbrella. However, with alternative solutions such as SPF and CSV already in use by many Internet companies, there may not be a rush to implement Sender ID.

Even if Sender ID does become common, it will not eliminate spam from the Internet. Many spam senders have already figured out how to beat earlier spam-blocking technologies, such as heuristic filters (if you want to know why you are receiving e-mails with nonsensical but grammatically correct prose in them, this is why). Blacklists of spam senders cannot keep up with the daily influx of new spam-sending machines, including vast armies of infected computers working as botnets. Overzealous antispammers often block entire domains by accident in a vain attempt to stop spammers—once, for a whole week, I could not send any mail to any domain in arstechnica.com from any Shaw address. In the war of spammers versus antispammers, users often get caught in the crossfire.

Microsoft has suggested alternative methods for cutting down on spam—such as charging users a tiny amount for each e-mail sent—but such solutions seem dead in the water (who would want to pay to send e-mail messages when you know the spammers will only find ways around doing so?). Some people are of the opinion that e-mail is irrevocably broken and it is time to look for its replacement. Many people are doing just that—studies have shown that younger Internet users view e-mail as something their parents do, and conduct all their personal communication over instant messaging or texting on their mobile phones. One day, e-mail may even be seen as a quaint historical relic, like the old file searching utility Gopher is today.