Microsoft touts Sender ID

[M. Johansson]

http://arstechnica.com/news/posts/20040812-4095.html

Sender ID for email, goddamn YES! This could quite possibly be the best thing Microsoft has ever done and will ever do.

[lo0ol]

I don't understand all of the technicalities and other stuff, but does this mean less spam? Woohoo!

[M. Johansson]

Quote:

Originally Posted by lo0ol

I don't understand all of the technicalities and other stuff, but does this mean less spam? Woohoo!

It means that spammers will no longer be able to send spam that looks like it comes from your domain.

[lo0ol]

Oh wow. That IS fantastic.

I assume it'll help cut down on all of that virus spam email too, eh? The stuff that searches address books and leeches your name, etc.

How long away is this?

[M. Johansson]

No, unfortunately, it wont, as viruses uses legitimate email accounts.

It is probably 2 years away or so.

[lo0ol]

There are some that go into your address book and spoof the from address to make it show from another person, hence all of the returned emails that I've received that I never sent.

[M. Johansson]

Ah, yes, that would be pretty much be eradicated in the long term with a solution like this, as I understand it.

[lo0ol]

Excellent.

[cfm]

Yes!

Go Microsoft!

The worst kind of spam (besides virus-laden spam) is the impersonation kind, and then you get shunned for other peoples' spam.

[Jeremy W.]

I shun you! SHUN YOU!!!!

Seriously, this is good stuff. I know some folk don't like the fact that it's coming from Microsoft, but personally I see that as a valid, but crappy reason to not support the technology.

If this succeeds (yes, a big if), spam will be reduced. If MS makes it a reasonably open API, we could easily see some very cool technologies come of it.

[The New Guy]

This is very helpful, as a recently ran into an encounter with some woman on MSN who was cussing me out for sending her a virus.

[someonewhois]

But this is incoming to Hotmail only, what about all the other e-mail providors including the Pop3 servers that I have on my server etc etc. etc.

[mmj]

I'm skeptical of any solution to spam which would require breaking compatibility with the existing email system. Not because it's the wrong thing to do (I think it would be good), but because it will have trouble catching on - the pressure of backward compatibility, particularly with email systems - is very strong.

[M. Johansson]

Quote:

Originally Posted by mmj

I'm skeptical of any solution to spam which would require breaking compatibility with the existing email system. Not because it's the wrong thing to do (I think it would be good), but because it will have trouble catching on - the pressure of backward compatibility, particularly with email systems - is very strong.

I agree, but, if Hotmail required this stuff to recieve email, I can tell you that it would catch on rather fast. I know that I would make it a top priority for my site. It's basically only Microsoft (and possibly Yahoo) that can do this.

[pippo]

The matter is too complicated to read for me but thought interesting to post this:
http://apache.org/foundation/docs/se...-position.html

[M. Johansson]

Quote:

Originally Posted by pippo

The matter is too complicated to read for me but thought interesting to post this:
http://apache.org/foundation/docs/se...-position.html

Basically, due to licencing issues Apache (and it seems, open source projects in general) cannot implement this. I forsee Microsoft bending on this sooner or later. Either that, or the concept of Sender ID will never fly. Apache is extremely strong on the web server market, and must cooperate for this to work.

[mmj]

I agree with what ASF says there. It's common sense though - requiring somebody to ask Microsoft for a license whenever they implement something is not compatible with open source software. There's nothing new about that.

Quote:

Apache is extremely strong on the web server market, and must cooperate for this to work.

ASF are strong in the web server market, but are they strong in the email server market? Which products from them would this affect? I think that they're speaking on behalf of the larger open source community, who might want to incorporate this into their applications.

In my opinion, any modification to existing email protocols which both breaks backward compatibility and cannot be used in open source software is not likely to succeed on a large scale. And if it does succeed, it will create a new "standards war" between Microsoft and open source as open source developers struggle to come up with an alternative that is not affected by patents.

It's possible that Microsoft could bend on this, but I see that as unlikely. I think it would not against Microsoft's interest to share with the open source community given that they're already in danger losing ground to open source on a couple of other fronts. It would be good for them if they could gain some control over email, as ineffective as I think this would be.

[Hierophant]

Quote:

Originally Posted by mmj

ASF are strong in the web server market, but are they strong in the email server market? Which products from them would this affect? I think that they're speaking on behalf of the larger open source community, who might want to incorporate this into their applications.

As stated in the link provided it would affect their SpamAssassin and JAMES (a java based email server) products.

[Widow Maker]

Seriously though folks, 2 years away ?

And when you think about it, it's a Microsoft product, and there will without any doubts be a security hole(s) that come with it, requiring you to download patches for god knows how many years just to keep it secure

Good idea of course, just don't let Microsoft provide the solutions, that's all I'm saying

[Hierophant]

It isn't a product... It is a protocol. Actually, it isn't even that but simply an enhancement to an existing protocol.

As such it would be built into Microsoft Exchange Server and Outlook not a separate product elsewhere. Can also be in Thunderbird or Eudora.

[The New Guy]

The sender ID was rejected by the IETF.

http://story.news.yahoo.com/news?tmp...ft_security_dc

[Kevin Yank]

Spammers don't seem to mind this technology at all, as they make up the majority of its early adopters:

http://www.theregister.co.uk/2004/09...tication_spam/

[mmj]

Quote:

Originally Posted by W. Luke

Can also be in Thunderbird or Eudora.

It cannot be in Thunderbird as Thunderbird is protected with an Open Source license, the point that Apache Foundation were making. On another note this is, in my understanding, the reason that IETF denied it.

[M. Johansson]

Quote:

Originally Posted by Widow Maker

And when you think about it, it's a Microsoft product, and there will without any doubts be a security hole(s) that come with it, requiring you to download patches for god knows how many years just to keep it secure

This joke is kinda getting old, since Server 2003 has had significantly less vulnerabilities than Linux and IIS has had less than Apache during the same time period.

[Fotinakis]

So, this new protocol.........it seems like a semi-good idea and all, but what about privacy? Will it also allow capabilities of email tracking to a particular address? Will this also affect USENET groups because when you post to them, it runs through your SMTP mail server---will it stop you from using a fake email address to post news (as most people do)?

Just a few questions I was thinking about glancing over it...

- Fotinakis