On May 25, Microsoft agreed to merge its own Caller ID antispam initiative with another such effort, called Sender Policy Framework (SPF). Bill Gates himself announced the Caller ID initiative in March, 2004, but SPF has been in the works for some time (it's been on the docket as a draft RFC since late last year). The SPF specification's author, Meng Weng Wong, and Microsoft have now agreed to work together on a joint specification—under an as yet unannounced name—for delivery to the IETF some time this past June.
The specification intends to close loopholes in the current SMTP addressing and delivery system that makes it easy for senders to fake or "spoof" the origin of their message. Both the original Microsoft and SPF proposals call for techniques to modify DNS records so that message origins can be more effectively checked and verified, though the two proposals differ somewhat in their details. Basically, Microsoft's Caller ID requires creation of an XML-based e-mail policy field in the MX record for mail servers allowed to send e-mail from their domains, while the SPF spec simply checks to see if the reported from address is valid or not.
A combination of both methods will allow mail servers checking on incoming mail to determine if such mail is valid at the envelope (originating mail server) level, and in terms of the source address that appears in the original e-mail message header itself. A valuable compromise in the new joint proposal allows MX records to link to TXT DNS records or data, instead of requiring all DNS servers to upgrade their e-mail policy data to XML format immediately. The ultimate goal is to provide a foundation for e-mail authentication technology that can help separate spam from real, legitimate e-mail, and make it easy to identify and discard unwanted or spoofed messages.
Tom Lancaster, CCIE# 8829 CNX# 1105, is a consultant with 15 years experience in the networking industry, and co-author of several books on networking, most recently, CCSPTM: Secure PIX and Secure VPN Study Guide published by Sybex.