Microsoft Issues Anti-Spam Call to Action
Microsoft has added a new alert bar to its Hotmail service that notifies users when the sender of an incoming e-mail cannot be verified. The technology utilizes Microsoft's Sender ID Framework, which is designed to cut down on the number of spam messages and phishing attacks flooding customer inboxes.
Sender ID is one of a number of new standards proposed to combat spammers and has been backed by large service providers such as America Online. The technology was initially met with concern over its proprietary nature, but Microsoft subsequently opened up Sender ID to ensure compatibility with Sender Policy Framework, a competing anti-spam technology.
Microsoft says over 1 million domains have already published SPF records, up from just 60,000 in October 2004. Sender ID also supports simple From address verification or what is called a PRA (Purported Responsible Address).
"Today's announcement accomplishes two things: It further protects consumers by providing them more information about suspicious e-mails, and it's a call to action for domain holders and e-mail senders to publish their SPF records to help protect their brands and maximize the deliverability and reliability of their e-mail," explained Craig Spiezle, a director in the Technology Care and Safety group at Microsoft.
While developed in-house by Microsoft, Sender ID is a royalty-free e-mail-authentication technology that requires verification of domains from which mail is sent. By doing so, Sender ID makes illegitimate e-mails such as spam and phishing scams easier to detect and eliminate.
Sender ID was implemented into Hotmail's back-end in January, and Microsoft says it blocks more than 3.2 billion deceptive e-mails per day. Now, when a Hotmail users receives an e-mail from a domain that cannot be authenticated via Sender ID, a safety bar will appear that provides a warning and additional information.
"The alerts will provide customers with options to learn more about Sender ID and provide guidance on staying safe online. Mail that fails the Sender ID check will be placed in the junk mail folder or it may be deleted altogether, based on the sender's reputation and other anti-spam and anti-phishing heuristics," said Spiezle.
Meanwhile, Yahoo has been developing its own anti-spam technology dubbed DomainKeys, which the company recently said would be merged with Cisco's Identified Internet Mail.
"Getting businesses and e-mail users to recognize the importance and urgency surrounding e-mail authentication technologies is half the battle," Microsoft's Spiezle said. "To fully realize the benefits of these technologies, it's incumbent on us as an industry to act swiftly, authenticate our outbound mail and check inbound mail to help ensure we protect e-mail as a valuable communications tool for users worldwide."