America Online Inc. said yesterday it is once again supporting a Microsoft Corp. plan to combat unwanted bulk e-mail by verifying senders of messages, a move that could rekindle industry adoption of a new system for attacking spam.
Known as Sender ID, the technology attacks the ability of spammers to disguise their identities by faking the addresses from which they send bulk e-mail. The false identities make it hard to track down spammers, and they also are used to fool consumers into thinking that certain messages seeking personal data are legitimate, a scam known as "phishing."
| || |
___Tech Policy/Security E-letter___ Written by washingtonpost.com's tech policy team, the e-mail version of this weekly feature includes an original news article and links to policy and cyber-security stories from the previous week.
Click Here for Free Sign-up
Read E-letter Archive
The four major providers of e-mail accounts, including Yahoo and EarthLink, have been testing ways to move past e-mail filtering, which seeks to weed out spam by analyzing its contents. Instead, the goal is to flag "good" e-mail by verifying sender identity and then segregate everything else.
Microsoft has been pushing Internet standard setters to support its vision, to help drive broad industry adoption of a single system for all e-mail traffic, thus making it more effective. But the company came under fire for excluding other technologies and for attempting to patent and license the technology in ways that would be incompatible with open-source software systems.
Last month, AOL dropped out of the effort, and the standards body that was examining sender-verification systems disbanded.
Yesterday, however, Microsoft said it was submitting a revised plan to the Internet Engineering Task Force and had regained AOL's support. The new plan would be compatible with a system AOL and roughly 100,000 other businesses have been testing, satisfying the Dulles online giant.
"We welcome and applaud Microsoft for its efforts," AOL said in a statement. "The new Sender ID specification is, without a doubt, proof that the standards process can work well . . . But more progress can be made, and much more work is to be done."
Ryan Hamlin, general manager of Microsoft's Anti-spam Technology and Strategy Group, said the company adjusted one of its patent applications to make clear that it is seeking to patent only a particular way of checking that e-mail has come from a computer with a valid Internet address.
Hamlin said the company is seeking a patent to make sure the process is not co-opted by someone else who might try to profit from it. Hamlin said that licenses for its part of the system would be free and that companies could use other authentication methods.
It was not clear whether Microsoft's move will satisfy concerns in the open-source community, especially since the terms of its license are not changing. Open-source activists said the original Microsoft license was incompatible with open-source licensing, which allows for users to build derivatives of the original work. An attorney for the Open Source Initiative, a technical and standards group, did not return messages for comment.
John R. Levine, head of the anti-spam standards research group that disbanded last month, said he did not think the changes would satisfy the open-source community.
But he said that if AOL moves beyond testing and implements Sender ID, the two companies have a large enough footprint in the e-mail world to force the rest of the industry to follow suit.