Microsoft and Pobox.com Take Aim at Spam
The purpose of the solution is so that Internet service providers can more easily filter out unsolicited email, a goal that both companies had been pursuing separately until this week.
Both Microsoft and Pobox, a subsidiary of Pennsylvania-based IC Group, are in talks to combine two solutions: Microsoft's Caller ID software for email, and a Sender Policy Framework solution developed by Pobox co-founder Meng Wong. Pobox is an email forwarding company.
The proposed standard would enable ISPs to track the address of the email sender and determine if it is sent from servers known to be used by mass spam marketers. Once the email is recognized as spam, it can be rejected by the ISP servers.
Microsoft is saying that the standard would be particularly effective when it comes to shutting out spam companies that use "cloaking" or "spoofing" methods to disguise the origin of their emails. Both practices use bogus headers and return addresses to mislead email recipients and elude anti-spam companies. In many cases those tactics are used to dupe users into handing over personal identification information.
"What we're trying to do is tell if an incoming email is really coming from where it says it's coming from," Wong told Reuters.
The two companies have announced their anti-spam alliance on the heels of a new research study claiming that in the month of April alone, 840 million spam emails were received by users, and among those millions, 97 percent were spam.
According to both Microsoft and Pobox, the proposed standard awaits approval from the Internet Engineering Task Force, an open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the operation of the Internet. IETF is overseen by the Internet Architecture Board.
Other ISPs and Internet heavy hitters like Amazon.com, Yahoo and American Online are also developing their own solutions to the spam scourge. In March of this year, Yahoo came out with an authentication system called Domain Keys, which digitally encrypts email messages in such a way that email browsers can reject certain email.