IronPort, others support Microsoft's Sender ID

Products and services from e-mail security company IronPort Systems Inc. will support Microsoft Corp.'s Sender ID e-mail authentication standard, the company said on Thursday.

IronPort's C-Series security appliances will include Sender ID checks as one element used to generate a score used to establish the reputation of e-mail senders. The company's Bonded Sender Program, which is used by e-mail marketers, will also use Sender ID data as part of its accreditation process for e-mail senders, the company said in a statement.

The announcement comes as e-mail service providers gather on Microsoft's Redmond, Washington, campus to learn about and show support for Sender ID, according to an announcement from the Email Service Provider Coalition. The group claims to represent companies that provide e-mail to more than 250,000 clients.

Sender ID is a technology standard that closes loopholes in the current system for sending and receiving e-mail that allow senders -- including spammers -- to fake, or "spoof," a message's origin. Organizations publish a list of their approved e-mail servers in the DNS (domain name system). That record, referred to as the sender policy framework (SPF) record, is then used to verify the sender of e-mail messages sent to other Internet domains using Sender ID.

Tens of thousands of Internet domains have published SPF records since the standard was introduced by Meng Weng Wong of Pobox.com. In May, Microsoft and Meng reached an agreement to merge SPF with a Microsoft-developed standard called Caller ID to form the new Sender ID standard, which Microsoft submitted to the Internet Engineering Task Force in June for approval.

Sender ID is fast becoming the de facto e-mail authentication standard, as Microsoft rallies support from e-mail providers, Internet service providers and e-mail software vendors.

In July, Microsoft said it would begin checking inbound e-mail to its hotmail.com, msn.com and microsoft.com domains for valid Sender ID information starting in October. E-mail messages that fail that check will be subject to additional scrutiny and filtering, according to Craig Spiezle, director of Microsoft's Anti-Spam Technology & Strategy Group.

America Online Inc. (AOL) will also begin using Sender ID checks on inbound e-mail in September. The results of successful Sender ID checks will be used to elevate the status of "good" e-mail, but failed checks alone will not result in messages being bounced, according to Nicholas Graham, an AOL spokesman.

"Momentum is growing. I think you're going to see a sea change, where we need to move to implementation and see what breaks and what doesn't break," Spiezle said.

In addition to IronPort executives, senior executives from Symantec Corp., Brightmail Inc., Cloudmark Inc., VeriSign Inc. and others will gather at Microsoft's headquarters Thursday to hear from the software manufacturer and Meng about Sender ID, get technical advice about implementing the standard and learn about Microsoft's plans for using it with its Hotmail free e-mail service.

In a statement, IronPort said supporting Sender ID will allow it to help its customers fight spam and provide more accountability in the e-mail system.

The company plans to offer support for Sender ID in its products by October.

Other companies announcing Sender ID support for their products Thursday were: