Companies who want their legitimate commercial emails to bypass MSN and Hotmail’s spam filters will have to adopt Sender ID, which will very likely accelerate adoption of the new email sender authentication specification.
That’s the rub of third-party announcements set to come out of a meeting of the Email Service Provider Coalition, taking place today at Microsoft’s Corp’s campus in Redmond, Washington.
IronPort Systems Inc will announce that all new applicants to its Bonded Sender program will be obliged to publish Sender ID records. Bonded Sender participants are given a free pass to send their emails to Hotmail users.
That’s really important if you’re a commercial emailer, said Tom Gillis, senior VP of marketing at IronPort. Hotmail and MSN could represent up to a third of your customers.
Bonded Sender requires bulk emailers to agree to a set of best practices, which are somewhat stronger than the requirements of the US CAN-SPAM Act, and post a financial bond to back up their words with cash.
Now, new Bonded Sender applicants will have to publish Sender ID records – basically a list of their authorized outgoing mail servers – in their domain name system records, so that recipients can authenticate senders.
Since Microsoft announced it implemented Bonder Sender back in May, the base of sender-side participants has grown from ten to ninety companies, and there are more than 400 more companies currently in the application process, Gillis said.
It took a Gorilla the size of Microsoft to really push that [Sender ID], said Gillis. Sender ID is a combination of Sender Policy Framework (SPF) from pobox.com and Caller ID For Email from Microsoft.
IronPort will also add Sender ID support to its SenderBase reputation service by October. Sending IP addresses with Sender ID records associated with them will get their score boosted. It will probably go up, if it’s a scale of one to 10, probably a two, Gillis said.
Also today at the ESPC meeting, VeriSign Inc will announce that it, and its technology partner FrontBridge Technologies Inc, will implement Sender ID in their managed email security services, according to VeriSign senior product manager Bruce Ong.
The plan is to take a somewhat slow approach at first, Ong said. Senders who do not have Sender ID records will not be negatively scored, but those who do will get a positive score. Senders spoofing domains that do have Sender ID will be negatively scored.
VeriSign will also announce that it will make a list of its Class 3 digital certificate customers’ domains, which have undergone fairly rigorous manual authentication, available to other anti-spam vendors.
The idea here is to give spam filters a better idea of which domains are owned by legitimate businesses. If it takes off, it could of course have a positive impact on how many certificates VeriSign sells.
Another anti-spam vendor, Cloudmark Inc., will announce the launch of Cloudmark Rating for Sender ID, a reputation service for Sender ID-authenticated domains. The firm claims it closes the loophole created by spammers publishing Sender ID records.
Karl Jacob, CEO of Cloudmark, said in a statement: While Sender ID is great for authentication, it needs to be coupled with a reputation system in order to be truly effective.
Microsoft, which is hosting the ESPC meeting, could not be reached for comment. Other organizations and companies, including Brightmail, TRUSTe, Sendmail and Tumbleweed, will participate in the meeting.