Microsoft is proposing to merge its latest anti-spam measure with a domain authentication scheme, in order to counter the growing threat of spoofed email addresses from spammers and phishers.
The software giant wants to combine its Caller ID software with a domain authentication scheme devised by Meng Wong, co-founder of email forwarding and hosting company Pobox.com.
Wong, author of SPF, and Microsoft believe that merging the two applications will help detect spoofed email addresses used by spammers and phishers to disguise identities.
This could have a two-fold benefit. As the IP addresses of many spammers are picked up and become known to internet service providers, they can be blocked. Spammers frequently forge address headers to get past current protection.
It would also help combat the growing problem of phishing where criminals forge addresses of financial institutions and retailers in order to trick people into divulging financial and personal information.
Under the proposal, organisations will publish information about their outgoing email servers, such as IP addresses, using XML. The system will be compatible with domains that have already published information in the SPF TXT format.
The combined system would then confirm the sender's domain, and anti-spam filters could be created which could block all messages with 'from' addresses that do not match the actual sending domain.
The proposal, which will be presented to the Internet Engineering Task Force (IETF) standards body in June, has been welcomed by the organisation.
"We are pleased to see Microsoft and the SPF community working together on a unified specification," said Andrew Newton, co-chairman of the IETF working group that handles domain identification issues.
Another rival anti-spoofing specification, DomainKeys, promoted by Yahoo, was submitted to the IETF last week.
Australian government to require technology and communications companies to provide access to messages
New bill avoids demanding 'backdoors' in encryption, but includes measures to compel companies to provide access to encrypted communications
Indonesian overclocker Ivan Cupa (with the aid of a lot of liquid nitrogen) achieves record overclock on AMD's latest Threadripper
Ssupermassive black hole is so big it corresponds to four per cent of the galaxy's total mass
Imminent attack will target a single bank with cloned cards used to fraudulently withdraw millions over one weekend