[Am-info] Row over how to junk spam e-mail

[Erick Andrews]

Microsoft 's track record on "innovations" has never impressed me.
I'd put this proposal at the bottom of the heap not least for which
you should think they've got something up their sleeves to deal with
SPAM *their way*.     - Erick Andrews

See the following.  (Looks like BG has a new hair cut in the photo, too.)

-------------------------------------------------------------------------------

http://news.bbc.co.uk/2/hi/technology/3492354.stm

Microsoft is proposing to stop spam by checking that messages
are being sent by the person they claim to come from.

The Caller-ID for e-mail idea is one of several proposals
floated as a way to stem the rising tide of junk mail.

The internet's engineering body has set up an emergency meeting
to sift through the different proposals and draw up a
network-wide solution.

But some fear the competing proposals could cause confusion and
spell the end of some widely-used net features.

Broken net

Spammers hide their location by using a false, or spoofed,
address in the millions of messages they send out.

Spam is the cholesterol of the internet, it is just clogging up
everything Steve Raber, Ciphertrust They can get away with this
because mail servers only check if a domain mentioned in these
spoofed addresses is known to be used by spammers.

"Having e-mail come in, and not really being able to identify
where it comes from, this is a huge security hole," said Bill
Gates, Microsoft chairman, during a keynote speech at the RSA
Security Conference where he unveiled the idea.

Microsoft is proposing changes to the net's mail handling
systems that will make organisations register the net addresses
of their mail servers.

When a message arrives, its domain will be checked to ensure
that it originated where it said it did.  If not it will be
deleted.

Microsoft said its Hotmail subsidiary will start registering its
mail servers soon and it has been joined by Amazon and spam
filtering firm Brightmail.

Emergency meeting

But many other companies are committing to the Sender Policy
Framework, (SPF), which works in a similar fashion to
Microsoft's Caller-ID idea.

SPF also involves checking e-mail to ensure that the address it
uses is related to the net address it comes from.

Almost 8,000 organisations have registered with the SPF
co-ordinating body.

Net portal Yahoo has proposed a different system called
DomainKeys that uses encryption to prove a message's origins.

The competing proposals have sparked worries at the Internet
Engineering Task Force which oversees the technical development
of the net.

The IETF has convened a meeting that will sift through the
proposals and try to work out a specification that the whole net
can use.

Without such intervention many fear that these spam-stopping
systems could disrupt some well-known features of online life.

Mail-forwarding systems that let people route e-mail through
servers other than those run by their net service provider could
suffer.

News sites could be hit as the proposals could stop them letting
readers e-mail stories to friends by clicking on a button.

-------------------------------------------------------------------------------