• United States

Microsoft attempts to fight spam by itself

Mar 01, 20043 mins
Enterprise ApplicationsMalware

* Microsoft should join industry efforts to rid e-mail boxes of spam

A month ago I passed on the information that Bill Gates had seen the light and realized that spam was a Bad Thing, in much the same manner that he discovered the Internet and secure- (what Microsoft calls “trustworthy”) computing. These, I hasten to add, were Good Things.

Addressing the World Economic Conference in Davos, Switzerland this past January, Gates committed to helping rid the world of spam and revealed a three-pronged attack: 1) better filters; 2) tests and challenges that baffle automated systems; and 3) forcing senders to pay for e-mail labeled as “spam.” He didn’t reveal any details at the time, which is probably a good thing because he talked about this some more just last week at the RSA Conference (a large gathering of IT security professionals) and none of the three methods he listed in Davos were on the menu. Instead, Bill touted a plan dubbed “Caller ID for e-mail.”

As reported on Network World Fusion (story link below), Microsoft’s Caller ID is similar to Sender Policy Framework (SPF), a newly proposed technology developed by Meng Wong of, and which is now the subject of an IETF working draft (see the details at

According to George Webb, group manager of Microsoft’s Antispam Technology and Strategy Team, there are things that just aren’t in SPF (as reported in eWeek –,4149,1537921,00.asp). Nothing major, it’s mostly that Microsoft has fallen in love with XML and wants to use it to communicate information in the Caller ID plan. SPF relies on short, concise messages and many feel that XML is simply too bloated and would bog down any mail server if it were used for these verification packets.

Microsoft could have announced it was joining the SPF working group. Microsoft could have said it was adopting the SPF standard for the good of its customers. Microsoft could have chosen the user-friendly route of bringing SPF technology to play within a framework of Windows 2003 Server. But that’s just not the Redmond way, is it?

Microsoft is still laboring under a variant of the “not invented here” syndrome. While it prefers its own technologies, whenever someone else promulgates something useful the Redmondites are quick to adapt it. Not adopt it, please note. Rather, the company’s behavior is what’s called “embrace and extend.” That is, praise the standard, use about 70% to 80% of it but add in new features that make the Microsoft version incompatible with implementations by other vendors.

So, Bill, here’s the bottom-line. Your customers don’t like spam. Your customers want better control of their e-mail so that they can eliminate spam. A large number of independent vendors and service providers have created a protocol called SPF that shows great promise in ending spam. Yes, it’s not as elegant as an XML solution. No, it doesn’t have a cute name like “Caller ID for e-mail.” But – and here’s the important bit – it’s already being implemented. You need to swallow your ego and direct your person to cooperate with the industry to help solve what many believe is the worst computer problem of our time. You might not get another knighthood for doing so, but you will get your customers’ thanks. Hopefully, you still think that’s worth something.