May 24, 2004

Spam abatement proposals gathering momentum

Author: Fergus Cassidy

The temperature around spam abatement became hotter last week when Microsoft
submitted a draft proposal to the Internet standards body, the Internet Engineering Task Force (IETF).

The draft, known as OCaller ID for E-mail,
proposes to utilize the Internet's domain name system (DNS) and described
the proposal as "analogous to the caller ID technology found in the
telephone system."

Last January, the IETF set up a work group to discuss the creation of a
mechanism to identify authorized senders for email from a domain.

Microsoft's move confirms that using the DNS to control spam is gathering
serious momentum, but such a strategy must be widely adopted to stand any
chance of success.

Attaching restrictive licensing can prevent a proposal from becoming an
agreed standard, and it will be interesting to see how Microsoft will respond
to IETF scrutiny and how the licensing issue is resolved.

However, Microsoft is not alone in chasing a spam control standard. Last
week, Yahoo! also submitted its own proposal to the IETF. Known as DomainKeys, the technology has the same
objective as Microsoft's Caller ID but uses digital signatures to confirm
identity.

But the dark horse could be OSender Policy Framework (SPF). SPF is similar to caller ID and aims to reduce
spam by identifying email forgery. SPF has been submitted to the IETF. It
has also been tested by America Online.

There have been many attempts to find the killer app for killing spam, but
last week's developments indicate that a "go it alone" solution is now
unworkable and has been abandoned.

Any proposed solution must become an agreed standard, and all roads now lead
to the IETF's MARID working group.

Such proposals, however, can be radically altered (or passed over) by the
standards process to the extent they are sometimes unrecognizable at the
outcome. The type of license can also be a major obstacle to agreement.

So why submit in the first place? Harald Alvestrand, the chair of the IETF,
said: "Because they believe their technology is a good fit for the
requirements. And they might be right (or not). But they're willing to go
along with the result of the standards process, even if that is
significantly different from what they start out with."

The IETF is accustomed to navigating political minefields. If it can do so
again with this issue, there might well be the much-needed breakthrough
before the end of this year.

Fergus Cassidy is a technology columnist with The Sunday Tribune.

Click Here!