Storm erupts over new Hotmail anti-spam safety bar

By Steve Malone

Posted on 24 Jun 2005 at 11:23

Microsoft is introducing a new 'safety bar' in its Hotmail accounts to warn customers that the email they have received may be spam. However, the move is seen by many as a way of Microsoft forcing companies to adopt its Sender ID technology.

Hotmail accounts are one of the prime targets for spammers and Microsoft has been trying to come up with solution to prevent spam clogging up the internet.

Microsoft's preferred solution is the Sender ID Framework (SIDF). Sender ID is designed to tackle one of the biggest problems in combating spam - address spoofing. Spammers never use their own address.

Sender ID uses technology originally designed to inform a sender that an email has 'bounced' - the system checks the contents of an email by checking that it came from the stated envelope sender. Domains known as spam sources are simply blocked. For the system to fully work ISPs and other companies with mail servers need to publish an Sender Policy Framework (SPF) certificate to identify their mail servers.

Microsoft says the Hotmail safety bar will 'alert customers to potential deceptive e-mail messages'. However, these will include any mail without an SPF record. Now many email marketers fear that without an SPF, their mail will automatically be flagged as spam.

Previous attempts to get industry wide adoption of Sender ID have not gone smoothly. Although submitted to the Internet Engineering Task Force (IETF) as a proposed standard, the body could not agree to its adoption. The main sticking point being that certain key parts of the code remained as part of Microsoft's intellectual property. Many were concerned that an internet wide adoption would mean Microsoft proprietary code alongside the SPF on every mail server in the world.

Nevertheless, Microsoft is pressing on, In an interview Craig Spiezle, a director in the Technology Care and Safety group at Microsoft, said, 'Getting businesses and e-mail users to recognize the importance and urgency surrounding e-mail authentication technologies is half the battle. The industry continues to encourage ISPs and businesses to publish an SPF record to protect their domain and ultimately enhance their brand name.'