socialtwister — an archive in time
8
March · 2004
22 years ago

E-mail Caller-ID

filed under E-mail · 5 comments in the original

Life With Alacrity reports on the upcoming war over SMTP Authentication. As the SPAM wars continue, the leading mail vendors are all working to develop THEIR OWN standards for how the thwart the onslaught. Three major players have come forward: Yahoo! with Domain Keys, AOL with Sender Policy Framework, and Microsoft with its XML-based Caller-ID.

Christopher focuses on the Microsoft angle in his coverage.

As noted:

The big announcement of the week was that Microsoft will be be releasing their own spam solution, a Caller ID for email addresses, starting this summer in HotMail and in their mail servers. Basically the way this works is that every domain holder publishes inside their DNS records the IP addresses of any valid outbound email server. This information is stored using XML in a special signed format. After a mail is sent, the receiving system queries the DNS to confirm that the outbound server is not being spoofed.

[...]

Unfortunately, Microsoft's Caller-ID proposal requires XML, which makes implementation much more complicated. It requires the entire email to be received by the server first, before looking up the DNS record, then validating a signature -- all of which introduces more burdens on the mail server. Lastly, this XML may exceed the 512-character limit for DNS requests, which can cause DNS servers to send via TCP rather then UDP, which may introduces even more uncertainty.

Source: Life With Alacrity, "Post RSA Conference Wrapup"

Larry Seltzer of eWeek adds a more detailed analysis of all 3 and comments on the MS initiative:

It's possible Microsoft has other motivations for digging into message headers, especially when you consider the policy framework they are building to manage this data. Perhaps there are more opportunities to sell development and management tools with Caller ID than with the alternative approaches. Clearly you would want the opportunity to do what Caller ID does if you could be sure it was reliable. But if it doesn't work well, we'll soon find out, since both spammers and customers will certainly beat on it as hard as they can over the next few months.

Source: eWeek, "Who Will Win the SMTP Authentication Wars"

Last week I questioned the use of "postage" on the client side as the sole solution. It seems that Microsoft's Anti-SPAM program is attacking from both ends of the rope. Once again, the question still remains, How will these forces be brought to market in a uniform, meaningful manner when already there is infighting over the most appropriate technique?