RealTime IT News

Microsoft Joins IronPort Whitelist

Anti-spam software and hardware maker IronPort won a major victory for its whitelist service with the announcement Wednesday that Microsoft was joining its ranks.

Scott Weiss, CEO of the San Bruno, Calif.-based company, said he's been in constant contact with two other major U.S. email providers -- AOL and Yahoo! -- and expects to make big announcements in the "ensuing weeks" now that the company behind MSN and Hotmail is on board.

"I can't even begin to tell you the number of fire-rings we had to jump through for Microsoft, to go live and in production," Weiss told internetnews.com. "Literally, they have put us through so many paces, I think the other ISPs can now feel comfortable that a big guy has smacked us around enough that we are going to be an obedient provider of this service and be Johnny-on-the-spot if there are any problems or issues," he said.

"[AOL and Yahoo!] have been wanting to see if this program is going to make it out of the gate and hello, the gate just opened."

A whitelist is a list of accredited, trusted IP addresses, provided by a whitelist maintainer, whose mail is allowed to pass through spam filters at Internet service providers and other e-mail gateways. TRUSTe, the non-profit privacy initiative, certifies IronPort's whitelist -- dubbed the Bonded Sender Program -- and settles disputes.

Weiss said that with the addition of Microsoft's MSN and Hotmail e-mail services to the Bonded Sender Program, the company would cover about 30 percent of the world's e-mail. Until Microsoft joined the program, it covered about 6 to 10 percent of the mail being sent.

The whitelist filtering scheme, as the name implies, is the opposite of the method used by a blacklist, which excludes IP addresses of known spammers. The problem with blacklists, also called real-time blackhole lists (RBLs), is that the decision to block an IP address is usually arbitrary (depending on the RBL maintainers) and can also block legitimate e-mail traffic.

Belated efforts by the U.S. government and e-mail advertising companies to address the issue have seen spotty results, though the Federal Trade Commission (FTC) made two arrests last month charging two individuals with violating the Can Spam Act.

But despite self-regulation by marketing groups like the E-mail Service Provider Coalition's "Project Lumos," RBL maintainer Spamhaus.org lists the U.S. as the number one spamming country in the world, according to its April numbers. Both aol.com and yahoo.com appear on Spamhaus' block list for harboring individuals who are spamming, but not hotmail.com or msn.com.

According to Sara Radicati, president and CEO of Palo Alto, Calif., market research firm Radicati Group, Microsoft's inclusion in IronPort's program is good news for the industry. AOL, Yahoo! and Microsoft make up one-third of the world's sent ISP email; joining a whitelist makes sense.

"I think it's inherently easier to deal with whitelists because they are more straightforward than blacklists," she told internetnews.com.

In the Bonded Sender program, senders put up a bond ranging from $500 on up for their domain (depending on volume of email). Every time the number of complaints for that IP address exceeds the monthly allotment, IronPort subtracts a set amount from that bond. It's a setup that forces companies to ensure the mass e-mails they send out don't trigger any complaints. Monies collected are given to non-profit organizations like TRUSTe.

A number of spam filters currently use Bonded Sender in their applications: SpamAssassin, Procmail, Declude, Apache James, qmail and Postfix, to name a few. When an e-mail hits one of these filters, it is assigned a rating; IronPort likens the assignment to a credit rating -- the more suspicious the sender, the more restricted the access.

Microsoft officials were not available for comment at presstime. But Ryan Hamlin, general manager of anti-spam technology and strategy, said in a statement:

"Because spam is our email customers' No. 1 complaint today, our technology arsenal must include a process that works in tandem with our filters to differentiate good mail from junk e-mail. Bonded Server is an example of a program that effectively raises the bar on conduct for good e-mails while simultaneously helping recipients such as Microsoft identify important messages that consumers have requested."

The problem with whitelists is that they are relatively ineffective if no one signs up for the program. While IronPort has 28,000 organizations signed up to receive the whitelist, only about 100 sending organizations have signed up to the Bonded Sender program, or about 6 to 10 percent of the world's sent e-mail.

Weiss said Microsoft's inclusion puts it at a critical mass, and ISPs will be happy to sign up to the program now.

"The biggest ding we always got with the program wasn't that it doesn't work or that it isn't well-conceived, the issue with these programs is adoption," he said. "In the sending community, and really using this as a deliverability tool, it only makes sense when you cross the sound barrier of critical mass. When you now have that many participants, it makes sense to come sign up or at least legitimize the fact that you're not a spammer.

"The great thing for ISPs like MSN is that now they can really turn up the screws," he continued. "Now, every customer has to live by their own IP, so to speak, and it really brings transparency to a lot of these organizations."