Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Releases 'Caller-ID For Email' Specs

Posted by simoniker on from the avon-calling dept.

gfilion writes "Microsoft has released a draft specification for Caller-ID for email, 'to address the widespread problem of domain spoofing' - the concept is similar to SPF, but is using XML. There's already an Caller-ID to SPF converter in the works. A few weeks ago, Microsoft discussed compatibility between the projects with Meng Weng Wong (SPF's project leader), but most SPF users are against using XML, so nothing has come of it thus far." We recently covered a brief article mentioning Microsoft's anti-spam work, though this is a clearer indication of their intentions. Update: 02/26 21:36 GMT by T : NewsForge is carrying a brief article with FSF counsel Eben Moglen's take on the draft; Moglen says it is "encumbered with unclear and unnecessary patent license claims."

6 of 430 comments (clear)

  1. Why not? by swordboy · · Score: 1, Troll

    Why not have *real* caller-ID for email authentication? Before you can get on my white-list, you have to call a phone number for some sort of challenge-response. Caller-ID could be part of this.

    --

    Life is the leading cause of death in America.
  2. How about text? by amightywind · · Score: 1, Troll
    While I agree that there are no absolutes, why not go with the path of least resistance when it doesn't really matter? XML has become the path of least resistance *at a macro level*. it's universally accepted these days, so unless there's a compelling reason *not* to use it... use it.

    I wish you would learn something about existing mail standards before you say something so stupid. Email is primarily a simple text format, my HTML/word document/virus packed mailbox not withstanding. I am not surprised M$ would want to further polute the standards but why would you?

    --
    an ill wind that blows no good
  3. Re:two things by kaisyain · · Score: 2, Troll

    So Customer A should allow 3rd parties to forge email through their servers to support business unrelated to Customer A? Why should they be doing the consultant that favor? And why do they care if the consultant is at their site (probably billing them) and can't waste time solving Customer B's problem?

  4. Re:sucks / rocks by Trigun · · Score: 0, Troll

    I must have missed that memo. Good thing too, I thought that I was ordered to kill my dog. I better go read those specs!

  5. It's about time by robnauta · · Score: 0, Troll

    It's about time someone does something. The largest problem threathening the useability of Internet is that old protocols, often UNIX-related, were made, then put in an RFC, and then nothing could change anymore.

    No matter how broken it is (for example SMTP's trusting that anything specified in mail from/rcpt to/headers is correct, or FTP's incompatibilty with NAT, or IRC's general uselessness) once it is in use, nobody dares to phase it out anymore. Instead lame kludges are added like EHLO instead of HELO. All to preserve the sacred backwards compatibility, in case someone still runs System III, Ultrix 2 or BSD 2.4

    It doesn't matter that the whole service (in this case email) becomes unusable due to massive abuse, UNIX zealots just say "that's the way it's supposed to work, read the RFC". Meanwhile nobody considers email serious anymore, people are forced to use spamblocks and throwaway addresses.
    I don't care who invents something, just do something already !

  6. Re:Hidden motives and big brothers little helpers by git357 · · Score: 1, Troll

    Comply? Don't you mean obey? Let skirt around the euphemisms,smoke and mirrors, for a bit. This is the beginning of some sort of licensing/ID of all internet users. This isn't this first time we've seen horse manure in a shiny wrapper. Don't start grumbling when the powers that be decide it's best for you to use a government ID on slashdot instead of Hard Code as your handle. Then, they can punch up your number anytime they please and check you out. Of course, they'll have some "noble" excuse. Maybe you think that's great, but not everyone enjoys big brother and its self-appointed elite running every facet of their lives.

    Why isn't it just as well to investigate some type of software restriction of email volume from a particular connection, which will actually address the problem? Is it possible for a network to know when a major bundle of email has been released? How hard is Microdsoft working on finding out? If someone wants to blurt out thousands of email, let them get registered. The net Microsoft wants to cast is too wide.

    Identification always precedes restrictions. So, you've just cast your vote for the government censoring/removing internet content, or hassling the web site owner until they pull it. For all we know, the spam is coming from outside of this country to force the very restrictions you support. What right does a foreign country have to influence US domestic law, if there is that possibility? Just like most laws these days, the ones causing the restrictions will get around it, the problem will remain, and the only loser will be Joe Grunt taxpayer who's getting checked out for any "suspicious" moves, forever. Who defines "suspicious", someone who sees me as a political adversary?