NEW YORK — The solution for stamping out e-mail-based scams may never be complete,
but as evidenced at the E-mail Authentication Implementation Summit 2005 on
Tuesday, insiders appear more resolved than ever to work together towards
that goal.
The event, organized to bring together a diverse collection of e-mail
analysts and providers, featured discussions and potential solutions, such as Sender ID, SPF and DKIM, for halting Internet scourges.
Microsoft, the author of Sender ID, presented results of a six-month study that raised issues about Web users' reluctance to trust e-mail.
According to the study, 80 percent of online users say spoofing and phishing attacks have impacted their trust in e-mail from companies or individuals they don’t know.
“What you are seeing is the immediacy is being driven by the escalations
and severity of the online threats that are impacting businesses and
brands,” Craig Spiezle, a director in Microsoft’s e-mail safety group, said.
Spiezle said the industry is moving ahead with specifications and that
Microsoft submitted its specs for Sender ID to the Internet
Engineering Task Force (IETF), which approved them “under experimental status.”
“Which basically says go forward and report back on your finding,” he
said.
Microsoft’s attempts to make Sender ID an Internet standard failed last year when the IETF shut down a working group trying to come up with an e-mail authentication solution.
Although the Redmond, Wash., company made revisions, open source software proponents balked over Sender ID licensing terms and would not accept the technology as an industry standard. IETF officials at the time suggested real-world deployments of the technology, as well as other specifications and subsequent reports of those deployments.
Microsoft has a three-pronged approach to solving the problem, which it
breaks into prescriptive guidance (educating); collaboration and
partnerships; and technology.
“No one company can do this alone; no one industry can do this alone; and
the government can’t do this alone,” he said. “It really requires collaboration.”
The conference came just days after Yahoo and Cisco
teamed to propose their
e-mail authentication specification as a standard to the IETF.
The DomainKeys Identified Mail (DKIM) specification is the combination
of two related, competing technologies: Yahoo’s DomainKeys and Cisco’s
Identified Internet Mail (IIM).
The IETF is expected to discuss the proposed standard later this month at
a meeting in Paris.
While Microsoft has contributed to DKIM, the company’s primary goal is to
push the Sender ID standard.
Microsoft recently revamped its Web-based Hotmail so that all messages not using Sender ID are identified.
“As adoption of Sender ID and SPF records grows, and the lack of a domain
with an SPF record becomes the exception to the norm, we may choose to
investigate unauthenticated e-mail more closely before deciding whether to
deliver it to the user’s inbox,” Spiezle said.