The Microsoft-proposed technology that identifies the source of an e-mail ran into a speed bump on the road to ratification, but the proposed Sender ID standard is hardly in ruins.
There was some confusion last week regarding e-mails detailing events at the MTA Authorization Records in DNS, or MARID, a working group of the Internet Engineering Task Force (IETF) that
PRA is a Microsoft technology that authenticates the source of e-mail addresses, and contains patents for technology that some vendors, in particular, some members of the open source community, object to licensing. There is a second method to do this same check, called the Sender Policy Framework, also called "mailfrom."
Andrew Newton, co-chair of the MARID working group, said the group has decided to use both methods of checking for forgery, not just one. Newton said vendors can choose which one, or both, to use in their products.
"The code for either one is trivial," he said. "But the network administrator must determine how they want the checks to be done. They will have two methods to choose from."
Compromise likely, IBMer predicts
Some experts have said that this decision will not likely come to pass, and rather, that it is a worst-case scenario. Ultimately, there will probably be a compromise and a resolution, they say.
IBM signed on as a supporter of Sender ID, but like all Sender ID proponents, such as Symantec Corp. and Sendmail Inc., they endorsed the proposed standard when it was expected to include one authentication method, not two. Borenstein remains optimistic that the members of the IETF working group will work out their differences.
"IBM recognizes the interest and concerns of both Microsoft and the open source community," he said. "Both have valid concerns, but it is still possible to satisfy the needs of both communities, and we are continuing to work toward that."
Antispam fight has many fronts
Whatever happens at the IETF, most experts agree that Sender ID is on its way to broad acceptance.
"What's nice about Sender ID is that it attacks the root cause of spam," said Francis DeSouza, CEO and founder of IMLogic Inc., a Waltham, Mass.-based manufacturer of software that manages instant messages. "If you can properly authenticate the messages, you've made a good dent in who can send you spam."
Fighting the war on spam will get more difficult as spam spreads to new media. It's starting to move to instant messages, where it actively disrupts workers by popping up on their screen. It's also making its way onto cell phones, where this additional traffic might actually cost a user some money. "Just when you think you've got one tactical solution in place, it moves to another front," DeSouza said.