Microsoft's "Caller ID" non-solution to spam

posted Apr 20, 2004

"Caller ID for E-Mail: The Next Step to Deterring Spam" is the Microsoft draft specification to address the widespread problem of domain spoofing. Domain spoofing refers specifically to the use of someone else's domain name when sending a message, and is part of the larger spoofing problem, the practice of forging the sender's address on e-mail messages.
Caller ID for e-mail would verify that each e-mail message originates from the Internet domain it claims to come from. Eliminating domain spoofing will help legitimate senders protect their domain names and reputations, and help recipients more effectively identify and filter junk e-mail.

This is a solution to the spam problem of two years ago. Now that spammers control massive relay networks via the Windows viruses that are now literally pop up daily, and send their spam through those relays, source authentication is merely going to complete the push toward using relay networks.

Source authetication won't help identify the relay network computers any more then we already could today just by reading the headers.

I see this as an almost political gesture by Microsoft; their major customers expect "something" to be done, so Microsoft will do something just for the sake of doing something. Why not? They can't lose; when the spammers adapt, they can blame the spammers, not their plan, even though most people at Microsoft must know this isn't going to work, and none of the "major customer" types they are posing for will call them on it. (At this point, all the "major customers" who would call them on it are no longer "major customers"; the selection process is pretty complete.)

Oh, and guess who holds a patent in this area?

 

Site Links

 

RSS
All Posts

 

Blogroll