TMCnet News
America Online Announces Support of Microsoft's New Version of 'Sender ID' Email Authentication Technology DULLES, Va. --(Business Wire)-- Oct. 25, 2004 -- America Online, Inc. issued the following statement today in relation to email authentication technology, which is designed to help reduce unwanted junk email, phishing, and spoofing of email on the internet:"Today is an important day in the joint, collaborative effort by antispam partners in the online industry to test and develop email authentication technologies that help further address the ongoing spam menace. "America Online is today announcing its support of the newly submitted version of an email authentication technology known as Sender ID and advanced by our key partner in the antispam crusade, Microsoft Corporation. "This announcement is indicative of the evolutionary process that occurs in the email authentication debate, as specifications necessarily change and mature to include as many participants as possible. AOL has always indicated that flexibility is critical in the testing phase, so that opportunities might arise to allow email authentication technologies to be more inclusive, adaptable, and attractive to the broadest possible groups of participants. "Since AOL became the very first major, national ISP to begin testing an email authentication technology in December 2003, we have worked cooperatively and collaboratively with many in the industry to develop and test different email authentication technologies - all of which share the exact same goal of providing assurances to consumers and online industry leaders that an email sender's domain can be checked reliably in an effort to help curb spam, and phishing attacks. "It's important to note that these technologies do not reduce spam by themselves, but help create an environment online where certain kinds of spamming, spoofing, and phishing become more difficult as new layers of authentication are added to the email process. "On September 15th, AOL announced that it would not move forward with the deployment of Sender ID technology, because we had reservations at that time about the specific version that had been submitted. Namely, the fact that Sender ID at that time lacked 'backwards compatibility', which meant that all of the development work AOL and many others had put into the email authentication testing process would be cast aside by the new version of Sender ID. "We relayed those concerns directly to Microsoft and others in the online industry - such as members of the Messaging Anti-Abuse Working Group (MAAWG) and Internet Engineering Task Force (IETF) community. "Today, a new Sender ID version is being submitted to the IETF that we believe fully addresses and answers AOL's concerns, and those of many others in the online industry as well who shared those concerns. "We welcome and applaud Microsoft for its efforts, and we continue to be encouraged by the way the online community has come together to help make online communications safer and more secure for the global Internet and for our members. The new Sender ID specification is, without a doubt, proof that the standards process can work well from a collaborative efforts standpoint. But more progress can be made, and much more work is to be done. "Specifically, this now allows those of us who have been testing an email authentication technology known as SPF - or Sender Policy Framework - to be included in the Sender ID specification moving forward. This means that the over 100,000 domains publishing SPF v1 records - including AOL - will not need to change their DNS listings, and will have the option of checking the 821 Return-Path header as part of the Sender ID framework. This saves AOL and many others a great deal of time, resources, and development work. "AOL is now participating in the testing of Sender ID by publishing our record in both SPF v1 and v2 formats. AOL will begin testing 822 FROM domains on our inbound system according to the Sender ID specification by the end of 2004. AOL plans to publish results of this testing to the internet community at large, at the appropriate time. "AOL will continue to pursue testing of many different technologies to enhance sender identification in email, including Yahoo!'s "Domain Keys" and others. But such technologies are all experimental technologies - which have either limited, or no implementation experience on the global internet. Many other promising technologies abound in this rapidly developing technology area. In addition to Domain Keys, there is also Cisco Systems' "Identified Internet Mail", the "Client SMTP Validation (CSV)", and more. We also fully expect reputation and accreditation systems to emerge, which will utilize sender identification technologies to actually have an impact on spammers themselves and related fraudsters. "AOL looks forward to the ongoing analysis and testing of these technologies so that - in the end - the results will meet our high standards of feasibility, acceptance, and security for our members and online consumers in general. "AOL also looks forward to presenting these views and others at the Federal Trade Commission's (FTC) email authentication summit in November, along with our industry partners." |
