SPF and Microsoft agree to merge anti-spam standard

Microsoft Corp and Meng Wong, the author of the Sender Policy Framework, have agreed to merge SPF with Microsoft's Caller ID For Email specification to create a single email authentication specification.

Wong, CTO of Pobox.com, and Microsoft presented their proposal before the Internet Engineering Task Force’s MARID working group last week, and expect to submit a spec to the standards body next month.

MARID, for MTA Authorization Records in DNS, is a group set up within the IETF recently to figure out ways to publish the IP addresses of authorized Mail Transfer Agents in domain name system records.

That’s essentially what both SPF and Caller ID do. Receiving MTAs check DNS records to ensure the sending MTA is authorized to send email on behalf of that domain. This will reduce sender spoofing, often used by spammers and worm writers.

The IETF seems to like the merged spec idea. Andrew Newton, co-chair of the ARID working group said in a statement: We are very optimistic that this proposal will provide the type of solution that MARID is looking for.

A third related proposal, Yahoo! Inc’s DomainKeys, has already been submitted to the IETF. That system calls for emails to be digitally signed using private keys held by email senders and verified at the receiver using public keys published in the DNS.

Last week, Yahoo anti-spam product manager Miles Libbey told ComputerWire he saw no reason why DomainKeys could not become interoperable with SPF and Caller ID. DomainKeys is a less broad framework.

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing