The Internet Engineering Task Force may have withdrawn its support of Microsoft’s proposed antispam solution, but that isn’t stopping a Canadian Internet service provider from offering a variant on the technology in its corporate e-mail service.
Toronto-based Internet Light and Power (ILAP) on Thursday said would it be offering Sender ID, a way of authenticating the source of an e-mail message, in its iPermitMail service starting next month. Sender ID has been a hot-button topic among the Internet Engineering Task Force (IETF), which has been debating solutions to the global spam problem offered by a variety of vendors. Recently, however, the IETF shelved Sender ID over concerns about Microsoft’s potential intellectual property rights over the technology. ILAP said it would be the first Canadian ISP to deploy it.
Microsoft had proposed a way of authenticating e-mail sources, dubbed Caller ID for E-mail, that was combined with Sender Policy Framework (SPF), developed by e-mail service provider Pobox.com. As a hybrid system, Sender ID’s support of SPF means that the technology tracks where the e-mail originally came from, as opposed to the most recent source of an e-mail address, which can be tracked through a technique called Purported Responsible Address (PRA).
ILAP president Tristan Goguen said there are many ways to configure Sender ID, and ILAP’s is only one version.
“”We don’t want to wait. We know we’ve got a great system here,”” he said. “”Those standards will be sorted out in due time when everybody puts pressure on the IETF and even, I believe, Microsoft. And I think that government is going to come from the government and the public. When the standards come out, we’ll make adjustments to our version.””
Although Goguen said iPermitMail is 99 per cent effective, the rise of phishing schemes where fraudulent e-mail addresses are used to send spam has become a bigger issue. A year and a half ago ILAP started developing what it calls location tracking, which establishes which address certain messages normally come from. If a message came from an unusual location, it would be flagged as spam. When SPF came along, however, it met the same authentication requirements. SPF is simple to configure, uses existing DNS infrastructure and is usable now, Goguen said.
“”We’re on the bandwagon,”” he said. “”We’re abandoning our own technology because SPF is simple to use and effective.””
Groups like Apache and others opposed Sender ID because they said Microsoft was not clear about whether or not users would need a licence to use it. Gregg Mastoras, senior security analyst at Sophos, said that by withdrawing their support, vendors and users may need to support multiple authentication standards, which could slow the adoption or any antispam solution. “”We’re all kind of left in this situation where this is no main initiative that we’re all going to rally around,”” he said. “”The way Microsoft went about it, the open source folks just had too many concerns around licensing issues.””
Goguen insisted that the need for technology to combat phishing schemes was too important to be held up by industry politics.
“”Historically, with e-mail, you could walk into anyone’s (inbox) and make yourself at home. That’s over and done with,”” he said. “”I believe iPermitMail and Sender ID is putting a lock to the door, and is putting recipients back in control.””
Users will be able to use iPermitMail and Sender ID together or separately. Prices for individual users will be $4.95 per month, with multi-unit pricing for businesses.