Slashdot Mirror
Sender-ID Back From The Dead
NW writes "Microsoft's Sender-ID standard has been left for the dead since the rejection earlier this fall by the IETF. According to a Reuters story, it has been revised and will be resubmitted to the IETF. Along the way, Microsoft managed to pick up AOL's endorsement of Sender-ID. My humble analysis appears here."
Sender ID rocks, if its implemented properly. Too bad spammers will just start registering domains and using them semi-legitimately.
Cemil.
Being that AOL's marketing strategy is based somewhat on spam (the cds you get in the mail, the "Sign up for AOL" icons that appear on your desktop), doesn't that kind of hurt the legitimacy of that endorsement? I dunno, if the guys offering me home loans and viagra said this was good technology, I might think twice.
If we have learned nothing from watching AOL feast on Netscape's corpse it's that there are LOTS of execs at AOL with radically different ideas about ways to do things, and they change their mind on a weekly basis. Exert a modest bit of pressure and they can be made to bend over like the fitty cent whores they are.
AOL is certainly not a highly respected corporation, especially in the tech-world. They've agreed to ally themselves with Microsoft for this particular issue, but until some other notable corporations or organizations (particlarly Yahoo!, Google, and Apache) accept sender-ID as a "standard," there's no way it will make any difference in the fight against spam.
An effective signature identifies a particular user amongst a base of thousands.
With AOL using this standard, Microsoft gets a huge chunk of marketshare for it.
Microsoft has one goal in all of this: To lock Open Source out of a standard, and then launch FUD campaigns about how Open Source refuses to support Sender-ID (because MS will charge an insane fee for licenses, but MS won't mention this) and thus helps spammers.
"You spoony bard!" -Tellah
The reason they, and the rest of the IETF rejected the original Sender ID proposal was because it seemed to go out on its own track with no regard for other schemes that do similar work. To have incorporated and accepted Sender ID at that time would have meant that other ideas like SPF would have been left by the wayside and Microsoft's vision of email would be dominant.
That whole thing was rejected, thankfully.
Now, Microsoft seems to have actually taken a look at the concerns surrounding their original proposal and formulated a new Sender ID scheme that is inclusive of other existing schemes such as SPF. AOL put a lot of effort in developing this kind of technology and now Microsoft's proposal finally includes them too.
What it sounds like from the Yahoo article is that Microsoft's Sender ID is at best a superset of all authentication schemes and at worst a compatible, though competing, technology. Neither of those are bad things. I think AOL realizes this for what it is, Microsoft actually trying to do something useful to help the ailing email system.
The Sender ID scheme seems to allow for further developments that may or may not be based on Microsoft technology but still be fully compatible nonetheless.
Sender ID is flawed in that it fails to address the issue of the inherent insecurities in an unsecured content delivery system. Truly the only way to kill unsolicted drops is a system requiring authentication based on individual originators as opposed a location-based system that ignores the fundamental problem of having such an open-ended system.
Even if this is somehow accepted, it will make little diffence as its effectiveness will prove worthless in actual implementation. I project that this will become a moot point after the election, and even less so by the middle of the 2010's.
that guy's site is going to make some massive revenue via google adsense
You can't make a standard anymore if you hold a patent and are unwilling to grant a free license. Submarine tactics are just too popular these days. Fool me once, shame on you. Fool me 20 times, shame on me. Nobody buys into this "don't worry, we're just defending ourselves" crap anymore. They all start out that way, but without a real license we can use, it's just an empty promise.
What are you talking about? Why is that relevant? Didn't you see "Microsoft" in the article summary? And, as if that wasn't a clear enough message what to think, it also said "AOL." Sender ID is bad bad bad. Not only won't it work, it represents the most insidious kind of fascism. An open source solution would obviously be better, and more liberating.
Slashdot.... Fuck yeah!
Matt Daemon.
This is actually irrelevent. The problem is not with the technical details but the legalities. So long as there is a patented technology included without a universal right to use for any purpose, the proposal stinks and needs to be kicked in the head.
_O_
.|< The named which can be named is not the true named
From what I've seen, AOL has a large amount of respect in the Anti-Spam community.
Let me first expand on my original statement. Wall Street does not look highly upon AOL: they dramatically overpaid for Netscape, a division that is, for all intensive purposes, dead; they were involved in one of the most under-reported merger scams of the past decade (Time Warner, a long-profitable company was, many believe, duped); and their growth prospects are extremely limited. They've proved their inability to display original content, and the slow atrophy of their user-base has begun.
The user community, too, has a seemingly endless list of complains--those who remember their growth problems (myself included), the constant busy-signals, buggy and bloated software, high prices, and extremely poor technical support--they place the blame soley with AOL, regardless of who is at fault.
But you argue that the anti-spam community respects AOL? I would disagree. True, they've pursued legal action against several high-profile spammers, but I would normally expect far more from a company with legal abilities such as theirs. They've acted in their own interest, and not in the interest of their users (not surprising, of course, as their obligation is to the shareholder, and not the consumer).
AOL could have, and indeed should have done more; they, however, have remained largely apathetic.
An effective signature identifies a particular user amongst a base of thousands.
Unfortunately for Microsoft many IT decision makers refuse to even weigh the merits of this idea before discounting it.
SenderID is not perfect, but if a more 'neutral' company like Sun, Apple, Google, etc introduced it, it would have at least been given a fair shot.
Instead of saying "SenderID is bad because of XXX and, by the way, M$FT Blows" they would be saying "SenderID is bad because of XXX but here's how it could be made better"
PRA appears to me to have been written because MUAs (as opposed to MTAs) do not consistently deal with envelope addresses, MAIL FROM, and the resulting Return-Path header. It adds complexity to the outgoing MUA to make sure that the PRA is the same as the envelope from. The incoming MUA will have to follow the PRA algorithm to figure out who's responsible for the mail, rather than just make the Return-Path accessible for spam filtering. The overall feeling is that the designers assumed people couldn't understand how to deal with the return path, so they replaced it with something more complicated and broken.
It's nonsense to think that something should be a standard if the implementors can't implement it. If the patent issues have been removed (say by dropping the absurd requirements, or by the patent office rejecting the patent), then great. But it's not reasonable to try to use a standards body to prevent alternative implementations. The whole purpose of a standards body is to define standard interfaces that everyone can implement. Since there are many important open source software implementations of these interfaces (in this case for MTAs), then the standards need to be implementable by open source software. If not, then the IETF should just send it right back; nothing important has changed. The problem is legal, not technical, and it requires a change in legal situation.
- David A. Wheeler (see my Secure Programming HOWTO)
For many months now, I've published SPF records for all domains under my management. And every day, we get AOL trying to bounce messages allegedly from non-existant addresses within those domains... If AOL were really using SPF to reject spoofed mail as it arrives at their gateways as they've said they were going to, they'd have never accepted the spoofed messages, and I'd knock about 3% off my server load...
I'm not sure how someone who uses the phrase "for all intensive purposes" could be moderated insightful. It's "for all intents and purposes."
Could someone please point me to a brief explanation of what Sender ID gives you that SPF doesn't. I thought they both just allowed you to verify that the "From" header line is consistent with the IP that the mail originates from.
And so Microsoft has a golden oportunity. They can help reduce costly spam incoming to their networks (corporate, hotmail, msn, etc.). They can help reduce one of the most popular vectors for malware that has a negative effect on adoption of their software. AND they can pull off a major warm-and-fuzzy PR move to counter the expanding cadre of IT types who have come to distrust, if not lothe them.
What do they do? Play licensing shennanigans.
Sketpicism is very much justified.
Yay, one of my favourite grammar mistakes. for all intensive purposes. Not flaming (posting AC to avoid karma backlash though), trying to be informative.
Uh oh. What's that sound? The sound of hundreds of trolls, astroturfers, and MS fanboys clacking at their keyboards! If MS is being criticized, they must be the martyr.
/. readers.
/. just wouldn't be the same... ...but it WOULD be a bit less noisy.
/. posters are free of stupidity. We all need a sanity check. But if all you're going to do is drone on about poor Microsoft and how they're the victom and anybody distrusting them are just unthinking "slashbots" then you're wasting your breath. Not to mention coming off like a complete tool.
Over half of you won't even acknowlege Microsoft's history. Those of you do simply idolize Microsoft and will simply regurgitate what other trolls and fanboys have found annoys
Don't go ahead and admit that Microsoft might be forced to now lay in the bed that they made. Because
By the by... I'm all for opposing views. It's not like
From Netwizard's Blog:
The FTC and NIST are holding a joint summit on email authentication in two weeks in Washington, DC (during the same week as IETF's 61st conference). They hinted earlier this year that if the industry does not come up with a standard for authentication, the feds might impose one.
Could the FTC actually do this? I wasn't aware that they had any authority over internet standards. The internet isn't some corporation, or the sole property of any business, even if some companies wish it were.
Yeah, the "moderators" should of noticed that. If they had, probably they all of the sudden would have changed their minds about moderating. I have a deep-seeded hatred for such errors, they make me loose my mind. However, moderators do have free reign.
However, attacking the intended payload due to presentation issues (inability use a pat phrase correctly) is a classic Logical Fallacy. Some people spend so little time with authoratitive written material that the correct forms may never have been seen, and only the spoken version encountered.
FP.
Also FatPhil on SoylentNews, id 863
Loke alot of people when using a mobile phone I simply dont answer people who dont use sender ID.
But wait, it could be important...
Think about the consequences of that. Even if Microsoft follows through on its promise to make the license available "for free" to anybody, it means that if you buy a Microsoft mailer or a mailer from a sublicensee, you can just install it and run it. If you install an "open source" mailer, however, your legal department needs to execute a licensing agreement with Microsoft's legal department. The costs and delays resulting from that alone make the "open source" mailer uncompetitive, no matter how much better it may be than Microsoft's products.
That is why the official open source definition does not allow such patents: if software implements such a patented invention and requires a licensing agreement with Microsoft, that software simply is not "open source", even if it it is distributed under the text of an open source license--the existence of the patent and licensing requirement makes it not open source.
It maybe a good solution but isnt the whole point of email that its globally compatible with open standards. Yes that may have been the failings of smtp/standard email delivery with the massive increase in spam. But realistically having a patent based email system inhibits the majority of email on the internet.
I personally dont know of any ISPs that use exchange as thier ISPs platform. the only large scale internet exchange setup that I know of is hotmail...
So in microsoft and aol trying to adopt this system whats going to happen to email in the future?
Here is a mirror of the authors slashdotted web page:
My humble analysis appears here
The rest appear to be fine since they are not easily slashdotable personal sites.
... just in time for halloween! :D
Nobody should have patents on core protocols and mechanisms of the Internet. It's just likely to end up becoming a cash cow.
Someone at Microsoft already stated they liked the idea of email stamps, paying a nominal charge per email.
Can anyone explain to a non-sys admin how sender-id will work, or a link to a noddy explanation
Nothing costs nothing
Sender-ID is not Microsoft's. Sender-ID is SPF with a patent encumbered (and useless) technology known as PRA. Here is my speculation. Microsoft has been trying to (and successfully has it appears) the SPF vehicle to use for their own purposes, which is to compete with Yahoo's Domain Keys. Props to Yahoo for at least a decent and aptly named technology. Microsoft's competetive *cough* copy cat *cough* technology is called "Email Postmarks". The continued association of electronic mail with real mail is disturbing -- as is Microsoft's use of "CallerID for E-mail". Man they really know how to label those projects so absolute fucking morons can understand... oh wait, thats right, thats most MS lusers... MS wants to shove this postmarks crap down your throat and Verislime wants to sell you certificates for this. The idea being that in order for mail from your server to be respected you'll need to buy a certificate. If you have one, then people won't reject your e-mail. What a novel idea! They are trying to do to SMTP what Verislime did to HTTPS.
How on earth I can reference anything insightful when slashdot signatures are limited to 120 characters?!
http://www.imc.org/ietf-mxcomp/mail-archive/msg051 35.html
It appears that my predictions are coming true. Meng, MS and the IETF shut down the MARID WG so that they could more easily push the patent encumbered SenderID through. They no longer have to deal with a WG last call.
Expect more steps to happen after IETF-61 when the individual drafts will be "reviewed".
SPF support for most open source mail servers can be found at libspf2.
Q2: Doesn't having a patent on Sender ID complicate the process of getting it adopted as an IETF standard? A: No. It should not. There are dozens and dozens of patent rights that have been disclosed to the IETF that may cover IETF standards. See http://www.ietf.org/ipr.html for a complete list. We are not aware of any of these patents complicating the standards process especially where the patent owner has provided an assurance that it would make licenses available on a royalty-free basis with other reasonable and non-discriminatory terms and conditions as Microsoft has done here.
Nothing costs nothing
God. Can't you people with political axes to grind keep to forums discussing such. Are your brains so tiny that they cannot conceive that there are other discussions going on dealing with other issues?
Naw. That'd be too much to ask.
> What reason would Apache have to do anything with Sender-ID?
Perhaps because of SpamAssassin?
Quoting ASF:
Since SpamAssassin is not limited to only one MTA and its purpose is to filter spam, the Apache Software Foundation needs to ensure proper domain validation is performed.
And yet you used the phrase "should of."
Pedantic authoritative written material:
should of noticed
should have noticed (notice that this is grammatical and makes sense. "Should of noticed" makes no sense and is a result of listening to people who do not enunciate)
authoratitive written material
authoritative written material
Fool me once, shame on you. Fool me 20 times, shame on me.
Actually -- it's, "Fool me once, shame on -- shame on you. Fool me -- you can't get fooled again."
SPF, while not perfect, is already used in production servers (AOL anybody?) and with the advent of SRS, works pretty well.
My meaningless, insignificant, 2 domain email system:Most are AOL, earthlink or netzero. Funny how I don't see SPF records for microsoft, hotmail, etc.
This isn't that hard to do. sender-id, spf, etc, does nothing. We already know most semi-legitimate spammers are publishing SPF records on their throwaway domains which takes care of the other 10% of spam...
Fix this properly. Declare it within the law to assassinate anyone who sends a piece of spam. Then merely wait.
Vendors are always issuing press releases that they're "submitting" or "resubmitting" something to IETF. As far as IETF is concerned, this means exactly nothing. Anybody can submit an internet-draft on any topic related to Internet protocols, and it has exactly the same effect as if Microsoft does so. Just because you submit a draft doesn't mean that anybody is going to look at it. In this case, there isn't even an open working group to consider the topic. So the significance of Microsoft resubmitting a SenderID draft to IETF is minimal at best.
Not to mention "they all of the sudden" and "loose my mind" (why, was it too tight?)
1) Inappropriate scare quotes around "moderators."
2) Should of -> should have
3) All of the sudden -> all of a sudden
4) Deep-seeded -> deep-seated
5) Loose -> lose
6) Free reign -> Free rein
7) Authoratitive -> authoritative (probably a typo)
Do you think, maybe, this was supposed to be funny?
There are two kinds of people: 1) those who start arrays with one and 1) those who start them with zero.
PRA is a side issue, it derives from the message header and so cannot be trusted since it could be faked.
Can I suggest this approach to handle relayed mail:
It doesn't matter if a message from A to B goes via C.
When you accept messages from 'C' and the header says its relayed mail, it is either:
1. A known blacklisted spammer relay.
2. An unknown relay in which case content filtering is used.
3. A relay that implements SPF itself and so messages from it can be treated as already having passed the SPF check.
Determining 3 isn't as difficult as you might guess. You can promote a relay server from 2 to 3 if you never receive spam with a faked origin, from it.
Since the whole point of SPF is to reduce the number of content checks, reducing the filtering load and improving the reliability, this is a reasonable strategy.
Well, he could have meant the Netscape division doesn't have an intense purpose within AOL anymore. :)
It's just a lame advertising division, with no intensive purpose.
Ok, ok...I'm stretching, there. His grammar sucks. Really.
"City hall" in German is "Rathaus" Kinda explains a few things......
There's a dozen other companties that support microsoft.
You can see a list here
Funny thing to see AOL is not in that list.
From what I can tell, it looks like MS want their idea to be the standard, yet they also want their idea to be one that you have to pay for a license to use.
Basically having what everyone uses and getting paid for it. Plus if, as it seems, the license is incompatible with F/OSS MTAs then suddenly any non-commercial offering has a damn hard time competing with "what everyone else uses".
It's like MP3 or ISO-MPEG4. Both are, I believe, published standards. Both also require a license to use. Which is why some Linux distros have issues with supporting MP3 out of the box (trivial to fix, but still requires post-installation steps), or that XViD (at last check) would only distribute source and not binaries from their official site.
Tiggs
"120 chars should be enough for everyone..."
That would be Bill Gates.
proof, n. A demonstration that a conclusion is implied by certain premises and axioms.
"Sender-ID" is like a digital signature which is fine and dandy except when you read to much into it. Knowing an email comes from a particular server doesn't indicate whether or not it is spam just like signing "malware.exe" with a signature doesn't mean it is okay to run.
Signatures only verify it comes "blessed" from a source. If the source is bogus then it doesn't matter if it is signed or not. Putting too much faith in "Sender-ID" opens a whole lot of problems. For instance "Sender-ID" from "spamster@hotmail.com" just means it comes from a legit hotmail.com server. It does not clear it from being spam. I can see how malware will take over zombie machines co-oping their email servers. Instead of sending spam from the infected machine, it will just use its email settings back to "isp.com" which uses "Sender-ID" and we are back to chasing down infected machines.
Besides, isn't "Sender-ID" patented? How much will it cost to implement "Sender-ID" for my little email server so I can actually email people? The last thing the Internet needs is more patented technology running around solving social problems.
The idea of Sender ID is a good one and it should have been a chance for Microsoft to give back to the community at large by making this a free, open standard. Of course most of the malformed email spam is sent from Microsoft based operating systems so I guess MS should make money on both side of the issue.
The fact that Microsoft is pushing this is one of the reasons it will never work. No one will trust Microsoft not to abuse their own system. If some company were taking on Microsoft all they would have to is invalidate their competitors senderID and none of their email gets through. I don't think many people will like the fact that for their email to be passed through the system it has to be okayed by Microsoft. Also add to the fact that MS does seem to understand the words "security" and "Internet" and this further dooms senderID.
have a deep-seeded hatred for such errors, they make me loose my mind.
Um, 'Deep seated' and 'lose'. Grammer flames must include an error - it's the law.
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
OK, good point, I just got stuck on the first thing I noticed :)
No, people say things more like, "companies, like Microsoft, Hashcash, and Goodwill Systems, are more interested in making money off of the volume than in solving the problem." Microsoft has earned distrust again and again. It's not what they say, it's what they do that counts. People can see and remember how Microsoft performs. That they rarely do what they say is more of the same as well.
Microsoft's junk is patent encumbered and is not suitable as a standard. That would apply regardless of the company.
In Microsoft's case, it's more outrageous because their software has already failed to compete in the marketplace. Sendmail, Exim and others are what moves email and M$ has nothing to do with it. Indeed, their greatest success produces generates 80% of the world's spam. This bout of standards manipulation is an attempt to foist inferior software onto people with better judgement and charge them for the mistake.
I'd be happier if they concentrated on fixing whats broken rather than breaking what other people do that works. They are the problem, not the solution. Can you imagine what a field day the spammers would have if every mailserver was running some kind of M$ OS?
Friends don't help friends install M$ junk.
well, actually, maybe not, as this is exactly what he just did on here :D
If the protocol is open and widely adopted, it will be hard for it to move around too quickly. Oddly enough, changing standards is a well-known and documented Microsoft business practice. Strange that you would imply Open Source involvement would bring this about. If anything, Open Source projects tend to favor open protocols which tend to be easy to implement if not fairly slow-moving and stable.
A "level playing field" is where nobody has the advantage. Everyone plays by the same rules (whether some are more successful than others is an entirely different issue). What you've described is a playing field where someone gets to alter the rules to their advantage.
Who said anything about the GPL? And who even mentioned code? This isn't about licensing software. This an issue with the fundamental protocol involved. The common protocols today are truly open where anybody can adopt them. A none-too-subtle reason for their success and widespread adoption. If Microsoft wants their ideas to be as successful, their proposed protocol must also be just as open and available. Even if that means a competitor implements said protocol in a better product than theirs.
The scope of this issue is bigger than Microsoft. Sure, there are good business cases for trying to keep a handle on a piece of technology. But there are times that this can't happen. This is one such time.
SMTP is an open protocol, available to anyone who wishes to implement it - no cost, no restrictions. If Microsoft wishes to introduce a technology that will work in that environment and enjoy the same level of success, it will have to have the same level of openness and availability. Otherwise, their attempts will most likely fail.
The question is exactly what Microsoft's business case is. Are they trying to own a protocol or cut the costs of one of the most fundamental protocols used in IT today - by themselves as well as the rest of the world? If it is the former, then sure... there's no fault in what they're trying to do. But at the same time, I wouldn't be willing to listen to them. But if the case is the later, then there is certainly fault in their methodology.
Old tribal wisdom says that when you discover you are riding a dead horse, the best strategy is to dismount. Businesses, however, often try other strategies. These include...
1. Buying a stronger whip.
2. Changing riders.
3. Saying things like "This is the way we always have ridden this horse"
4. Appointing a committee to study the horse.
5. Arranging to visit other sites to see how they ride dead horses.
6. Increasing the standards to ride dead horses.
7. Appointing a tiger team to revive the dead horse.
8. Creating a training session to increase our riding ability.
9. Comparing the state of dead horses in today's environment.
10. Change the requirements declaring that "This horse is not dead".
11. Hire contractors to ride the dead horse.
12. Harnessing several dead horses together for increased speed.
13. Declaring that "No horse is too dead to beat."
14. Providing additional funding to increase the horse's performance.
15. Do a CA Study to see if contractors can ride it cheaper.
16. Purchase a product to make dead horses run faster.
17. Declare the horse is now "better, faster and cheaper."
18. Form a quality circle to find uses for dead horses.
19. Revisit the performance requirements for horses.
20. Say this horse was procured with cost as an independent variable.
21. Promote the dead horse to a supervisory position.
We have a winner!
(Actually, I use so-called scare quotes as an short-cut for "so-called".)
FP.
Also FatPhil on SoylentNews, id 863
That's not true. The MS licence is NOT compatible with a BSD licence, or with any open source licence. The licence is incompatible with both the Open Source Definition and the Free Software Definition. And that's why Sender-ID was rejected as a standard the first time through.
Specifically, the problem is that if you want to run an open source MTA that contains microsoft's patent-pending algorithm, then you have to first execute a signed licence agreement with Microsoft. And that means the MTA is not open source. The most fundamental freedom provided by any free or open source program is the freedom to run the program, for any purpose, without getting first getting permission. The fact that you don't have to pay MS money to get permission does not make it "free" or "open".
Doug Moen
I have written a truly remarkable program which this sig is too small to contain.
> The real point of SPF and Sender ID is to make it hard
> for spammers to forge their "from" addresses
Neither SPF nor SenderID can do that without new email client software to use them, and then these specification do not specify how the info is communicated to the email client.
Both specifications DO NOT check the RFC822 "From" header, so there's no problem "forging" that, and that is what all current email clients display. SPF checks the SMTP envelope from. SenderID checks the "PRA" which is something derived in a somewhat complicated way from the email headers, and MS thinks it should be required to match the sending server because probably that is how MS does email, so everyone else should do the same.
Anyway, it is trivial to use a "sender" header with matching envelope from that passes SPF (through registering a throwaway domain, possibly with stolen credit card number) and use whatever from header one wishes.
BTW, in the older MS "CallerID for email" proposal they wanted to include a requirement that a domain owner has to keep old server info in the CllerID DNS record several months after stopping using the server. So I think this tells us how MS thinks the info should be communicated to the email client (the client performs its own tests, even if several months passed since the email was received...)
And forget about these schemes stopping spam. They will not, and they are not designed to do this. They were supposed to make it harder to forge the "from" field, but they fail even in this unless the way email clients display email is changed, and a standard is created for the email server to communicate sender validation info to the email client.
It takes 2 to tango! ALOAHA promotes SPF and Sender ID as complementary technologies! ALOAHA SPAM Rejecter is the first recognized Windows based AntiSPAM Solution which makes SPF and Sender ID available as freeware for all windows based Servers such as Microsoft Exchange, Lotus Notes, iMail and others. ALOAHA, a Madrid, SPAIN-based email protection organization, has begun shipping free versions of SPF (Sender Policy Framework) and Sender ID as well as a POP3 Connector as part of its larger AntiSPAM Framework which is able to protect basically all Windows based Mailserver. "I applaud Aloaha for releasing a solution which supports both SPF and Sender ID. Sender authentication promises to be a major advance in the war on spam, and Aloaha's timely support for these emerging standards leverages the existing base of hundreds of thousands of existing records to offer better spam protection for their customers," said Meng Weng Wong, CTO and Founder of Pobox.com and author of SPF To get the freeware modules, companies must download the free, 30-day trial version of Aloaha. However, modules like SPF and RBL Lists will continue to be fully operational for free even if no licenses are being purchased after 30 days. ALOAHA and its Modules work on every Windows based Mailserver such as Microsoft Exchange, Lotus Notes and iMail. Due to its innovative transparent proxy design Aloaha rejects SPAM before it reaches the SMTP Server. Optional the customer can also opt to use it as a SINK Plug-in in Microsoft Exchange or Internet Information Server. According to Aloaha CEO Frank Hellmann, Aloaha includes a number of anti-spam features in addition to the SPF and other DNS based modules. For example, incoming emails are checked against Active Directory or other Databases to verify if the recipient exists in the organization. Aloaha brings along also other innovative technologies like relaxed greylisting to the Mailserver. "With thousands of downloads we will contribute our share to help to stop the global SPAM Problem" Hellmann said. "Of course we hope that some of these downloads actually will become paid installations" he added later. Contact Information: Frank Hellmann Aloaha email: info@aloaha.com
+++ Dont bother to SPAM me