Microsoft revises anti-spam standard

WASHINGTON- Microsoft Corp. on Monday said it had revised its proposal to weed out "spam" e-mail to win over skeptical Internet engineers who have been reluctant to adopt technology owned by the dominant software company.

Microsoft officials said they have revised their SenderID protocol to work better with an existing standard and have narrowed their patent application to make sure it does not cover other proposals.

The changes have won over at least one important player. America Online Inc., a division of Time Warner Inc.., said it would now begin testing the protocol again after abandoning it one month ago.

Spammers often appropriate the e-mail addresses of others to slip through content filters, a tactic known as "spoofing."

Microsoft's Sender ID is one of several proposals that would allow America Online and other Internet providers to check that a message from joe@example.com actually comes from example.com's server computers. Messages that do not match up could be safely rejected as spam.

The technology would be invisible to everyday users.

Microsoft in May combined its Sender ID proposal with another developed by entrepreneur Meng Wong and submitted them to the standards-setting Internet Engineering Task Force for approval.

But several key players said they would not use the standard because Microsoft holds patents on the underlying technology, even though Microsoft has said it will not charge for its use.

Ryan Hamlin, general manager of Microsoft's anti-spam group, said the patent was necessary to protect the company from frivolous lawsuits.

SenderID and Wong's Sender Policy Framework proposal work in slightly different ways. SPF checks the "bounce" address provided to return undeliverable mail, while SenderID looks at another address buried deeper within technical routing records.

Microsoft's approach is designed to help catch fraudulent "phishing" messages that disguise themselves as banks or other legitimate businesses in a bid to collect bank-account numbers and other sensitive information, Hamlin said.

"Now you have a framework that will encompass both of those checks together," said Carl Hutzler, AOL's director of anti- spam operations.

Microsoft said it had resubmitted SenderID to the IETF for approval.

© Reuters 2004. All Rights Reserved.