Microsoft To Merge Caller ID With SPF Anti-Spam Scheme

The company reached the agreement with Meng Wong, the author of SPF, to merge the two proposals into one specification that will be presented to the Internet Engineering Task Force (IETF) standards body in June.

If adopted, the specification would provide a way to stop domain spoofing, where spammers forge addresses in hopes of disguising their identities or tricking users into divulging personal financial information, the rising trend called "phishing."

Both Caller ID, which Microsoft chairman Bill Gates first touted in February, and Wong's SPF would confirm the sender's domain. Anti-spam filters could then be created by enterprises to, for instance, block all messages with From: addresses that don't match the actual sending domain.

According to a joint statement released Tuesday by Microsoft and Wong, the merged specification would allow testing for spoofing both at the message transport (SMTP) level, as proposed in SPF, and in the message body headers, which was a key component of Caller ID.

Sponsored post

Testing at the message transport level would allow administrators to block some spam before it's sent, while the content examination proposed by Caller ID could be used to more deeply probe messages to detect phishing attacks.

"We're pleased to see Microsoft and the SPF community working together on a unified specification," said Andrew Newton, co-chair of the IETF working group that handles domain identification issues, in a statement.

Another rival anti-spoofing specification, dubbed DomainKeys, is being promoted by Yahoo, which submitted its standard to the IETF last week.

But although the proposed merger is welcome news to analysts, one warned users not to get too excited too quickly.

"We're not going to see anything happening overnight," cautioned Peter Pawlak, lead analyst with Directions on Microsoft.

"Microsoft is going to have to do a lot of hustling in the next few months with SPF, and Yahoo too, to come to some sort of agreement." Without a single anti-spoofing standard, he sees only failure ahead. "This is one of those technologies that unless the majority of the world uses it, it's not very useful."

Down the road, however, things might be completely different. "If a single standard is adopted, in a year or two much of the kind of spam we see today will be blocked by these techniques," he concluded.

This story courtesy of TechWeb