|
AOL And Microsoft's Antispam Crusade
Tuesday, October 26, 2004
America Online issued the following statement in relation to
email authentication technology, which is designed to help reduce
unwanted junk email, phishing, and spoofing of email on the internet.
"Today is an important day in the joint, collaborative effort
by antispam partners in the online industry to test and develop
email authentication technologies that help further address the
ongoing spam menace.
"America Online is today announcing its support of the newly
submitted version of an email authentication technology known as
Sender ID and advanced by our key partner in the antispam crusade,
Microsoft Corporation.
"This announcement is indicative of the evolutionary process
that occurs in the email authentication debate, as specifications
necessarily change and mature to include as many participants as
possible. AOL has always indicated that flexibility is critical
in the testing phase, so that opportunities might arise to allow
email authentication technologies to be more inclusive, adaptable,
and attractive to the broadest possible groups of participants.
"Since AOL became the very first major, national ISP to begin
testing an email authentication technology in December 2003, we
have worked cooperatively and collaboratively with many in the industry
to develop and test different email authentication technologies
- all of which share the exact same goal of providing assurances
to consumers and online industry leaders that an email sender's
domain can be checked reliably in an effort to help curb spam, and
phishing attacks.
"It's important to note that these technologies do not reduce
spam by themselves, but help create an environment online where
certain kinds of spamming, spoofing, and phishing become more difficult
as new layers of authentication are added to the email process.
"On September 15th, AOL announced that it would not move forward
with the deployment of Sender ID technology, because we had reservations
at that time about the specific version that had been submitted.
Namely, the fact that Sender ID at that time lacked 'backwards compatibility',
which meant that all of the development work AOL and many others
had put into the email authentication testing process would be cast
aside by the new version of Sender ID.
"We relayed those concerns directly to Microsoft and others
in the online industry - such as members of the Messaging Anti-Abuse
Working Group (MAAWG) and Internet Engineering Task Force (IETF)
community.
"Today, a new Sender ID version is being submitted to the
IETF that we believe fully addresses and answers AOL's concerns,
and those of many others in the online industry as well who shared
those concerns.
"We welcome and applaud Microsoft for its efforts, and we
continue to be encouraged by the way the online community has come
together to help make online communications safer and more secure
for the global Internet and for our members. The new Sender ID specification
is, without a doubt, proof that the standards process can work well
from a collaborative efforts standpoint. But more progress can be
made, and much more work is to be done.
"Specifically, this now allows those of us who have been testing
an email authentication technology known as SPF - or Sender Policy
Framework - to be included in the Sender ID specification moving
forward. This means that the over 100,000 domains publishing SPF
v1 records - including AOL - will not need to change their DNS listings,
and will have the option of checking the 821 Return-Path header
as part of the Sender ID framework. This saves AOL and many others
a great deal of time, resources, and development work.
"AOL is now participating in the testing of Sender ID by publishing
our record in both SPF v1 and v2 formats. AOL will begin testing
822 FROM domains on our inbound system according to the Sender ID
specification by the end of 2004. AOL plans to publish results of
this testing to the internet community at large, at the appropriate
time.
"AOL will continue to pursue testing of many different technologies
to enhance sender identification in email, including Yahoo!'s "Domain
Keys" and others. But such technologies are all experimental
technologies - which have either limited, or no implementation experience
on the global internet. Many other promising technologies abound
in this rapidly developing technology area. In addition to Domain
Keys, there is also Cisco Systems' "Identified Internet Mail",
the "Client SMTP Validation (CSV)", and more. We also
fully expect reputation and accreditation systems to emerge, which
will utilize sender identification technologies to actually have
an impact on spammers themselves and related fraudsters.
"AOL looks forward to the ongoing analysis and testing of
these technologies so that - in the end - the results will meet
our high standards of feasibility, acceptance, and security for
our members and online consumers in general.
"AOL also looks forward to presenting these views and others
at the Federal Trade Commission's (FTC) email authentication summit
in November, along with our industry partners."
|
