Modernizing Authentication — What It Takes to Transform Secure Access
In an ''executive e-mail'' sent to subscribers, Gates claimed significant advances against spam, with billions of junk e-mails blocked each day. Microsoft regularly sends such position statements and think pieces, bylined by its top executives.
Gates said the improvement so far came in part from SmartScreen, the spam-filtering technology used in MSN 8, MSN Premium, MSN Hotmail and Outlook 2003. For example, since SmartScreen went live on Hotmail six months ago, it's successfully blocked more than 95 percent of all incoming spam. Microsoft recently began making the tool available free to users of Exchange Server 2003, as well.
However, spammers have cranked up their output in response, Gates wrote, so that networks are more burdened than ever, even if the spam doesn't get through to in boxes. Fighting back, Microsoft is working on a number of new technologies and strategies.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i Gates, who is also chief software architect for the software company, pointed to the Anti-Spam Technical Alliance as a recent success. The coalition of ISPs, which includes AOL, Yahoo!, EarthLink, Comcast and British Telecom, as well as Microsoft, endorsed a set of anti-spam best practices for e-mail service providers and large senders. They also agreed to cooperate on testing of proposals to combat ''domain spoofing'', the use of false ''From:'' addresses to make a message appear to be from a legitimate sender. Domain spoofing is involved in half of all of today's spam.
Gates emphasized that ISPs need to authenticate senders, and touted Microsoft's own Sender ID standard. In February, Microsoft began a pilot test of the technology among Hotmail users.
The Sender ID standard calls for publishing the IP addresses of outbound e-mail servers in the Internet directory, or Domain Name System, that control all e-mail delivery and embed each sender's IP address into an ''envelope''. This envelope would contain hidden routing information, allowing the recipients' e-mail systems will then be able to check a message's authenticity.
Gates wrote that his company is working on ways for unfamiliar senders to ''qualify'' their e-mail, for example by being required to use the sending PC to perform a computation before sending. While the time spent wouldn't bother normal users, it could create huge overhead for bulk e-mailers and spammers.
Another tactic would allow servers receiving suspect e-mail to reply to the sender with a challenge such as a puzzle or the familiar twisty letters to be typed into a form.