Microsoft will soon put some bite into its Sender ID anti-spam plans by checking e-mail messages sent to its Hotmail, MSN and Microsoft.com mail accounts to see if they come from valid e-mail servers, as identified by the Sender ID, according to a company executive.

The company is strongly urging e-mail providers and ISPs to publish Sender Policy Framework (SPF) records that identify their e-mail servers in the domain name system (DNS) by mid-September. Microsoft will begin matching the source of inbound e-mail to the IP addresses of e-mail servers listed in that sending domain's SPF record by Oct. 1. Messages that fail the check will not be rejected, but will be further scrutinized and filtered, said Craig Spiezle, director of Microsoft's Safety Technology and Strategy Group.

Spiezle announced the company's plans while speaking to a group of anti-spam luminaries on Thursday at The Open Group Conference in Boston.

Sender ID is a proposed technology standard, backed by Microsoft, for verifying an e-mail message's source. It combines two previous standards: the Microsoft-developed "Caller ID," and the Meng Weng Wong-developed SPF. The proposed standard was submitted to the Internet Engineering Task Force (IETF) in June for consideration. If adopted, Sender ID could provide a way to close loopholes in the current system for sending and receiving e-mail that allow senders -- including spammers -- to fake, or "spoof," their message's origin.

Microsoft Chairman and Chief Software Architect Bill Gates unveiled Caller ID in March. The proposed standard asks e-mail senders to publish the IP address of their outgoing e-mail servers. E-mail servers and clients that receive messages from Caller ID domains could check the DNS record and match the "from" address in the message header to the published address of the approved sending servers. E-mail messages that didn't match the source address could be discarded or quarantined.

DNS is the system that translates numeric IP addresses into readable Internet domain names.

SPF also requires e-mail senders to modify DNS to declare which servers can send mail from a particular Internet domain. However, SPF only checks for spoofing at the message transport or "envelope" level, verifying the "bounce back" address for an e-mail, which is sent before the body of a message is received and tells the receiving e-mail server where to send rejection notices.

The IDG News Service is a Network World affiliate.