The Register says that email authentication is gaining steam, but I am wondering who is going to arbitrate the standards infighting.

Yahoo has consistently pushed its DomainKeys, and now processes more than a billion messages a day signed with the measure. Meanwhile, Microsoft’s Sender ID (with its shaky past) could make a “comeback” now that MS is chasing outsourced hosting strategies.

Will be interesting to hear how the battle progresses.

A marketing trade group starts requiring its members to use authentication, but Techdirt says its a joke that only leads to more problems.

I don’t have much of an opinion on it either way, as the whole authentication battle seems like a bunch of monkeys in a barrel. But I seem to have been effected by Microsoft’s moves with Sender ID.

I am a Comcast SMTP user, and I can’t get any mail through to Hotmail or MSN addresses anymore. The secure help section at Comcast says they and MS are “working on the issue.” Is this problem a result of Microsoft requiring Sender ID compliance with Hotmail/MSN, or am I missing something big here?

Sender ID has been the subject of controversy for some time. It started with a bunch of promises, and since then Microsoft has attempted to force everyone’s hand.

All the while, its originator, Meng Wong, sitting in the middle.

Email Battles recently interviewed Wong, creator of SPF (the precursor to Sender ID), and it seems he is none too happy about the situation.

The battle continues in the fight for authentication standards. Microsoft recently made their “proprietary” offering, Sender ID, standard fare for Hotmail, but Sender ID’s sketchy beginnings made me question whether it would ever really take hold as a strategy for making it the norm everywhere. What starts bad rarely ends good.

Now, a proposal is being considered over at the Internet Engineering Task Force which may further douse the flames of Sender ID. Some engineers think Sender ID conflicts with SPF, another authentication standard in experimental mode right now, and that Sender ID should just be stopped.

My opinion is this: adopt an authentication standard that is royalty free forever, based on open standards, under a licensing scheme that requires 100% interoperability at all times. Enough said.

I don’t really get this, so I am looking for a little input.

Microsoft is cramming Sender ID down everyone’s throat by making it a requirement for legitimate messages in Hotmail; meanwhile better than 80% of spam already uses some authentication scheme (including, in cases, Sender ID).

Please help me here. What is Microsoft thinking?

Paul Murphy over at CIO Today put together an interesting piece on the ubiquity of authentication, the jurisdictional and timing issues involved with nabbing phishers, and some of the underlying reasons why the powers that be don’t just stop the problem in its tracks. But hope is on the horizon, from an unlikely source.

Authentication of email sources is off-the-shelf technology, the problem is nobody uses it. If identification was made of an email’s source at the point it entered the network, it would be easy to shut that source down. Murphy contends, if the process becomes unprofitable, it will simply stop. Unfortunately, that means billions less in sales to companies like Cisco, Microsft, and Symantec, all of which have much to gain from ongoing problems.

As for catching the crooks, well that story has pounded so hard at Spamroll that my fingers are blue. Mr. Murphy says “the thieves are long gone before the authorities can jump through the hoops needed to get enforceable cooperation by those concerned.” Best wishes to the 100,000 names on that missing Berkelely laptop (see Data Stolen from Berkeley, again).

What unlikely candidate could put the kabosh on the problem, and reap the rewards in between? One time heavy-hitters Lucent and Avaya, that’s who. Lucent and its child build much of the equipment used to carry VOIP traffic. And caller ID, now taken for granted on traditional communications lines, is easy to spoof on VOIP networks. But if folks like Lucent light up authentication on their equipment by default, others carrying internet bandwidth will be forced to do the same (or get a lot of fingers pointed at them in blame).

Again, this is all Paul’s thoughts. One thing that is for certain - his theory on spamming the spammers is sure to garner some attention (and misinterpretation). Don’t think so, well then catch the latest on IBM’s FairUCE, or catch Spamroll’s view of it here: IBM hopping on the spam vigilante bandwagon? I don’t think so.

It will be interesting to see how authentication shapes up, along with legislation designed around catching crooks more swiftly. Meanwhile, catch Paul’s entire article on the matter over at NewsFactor Network: Phishing, VoIP and the Market Response.

In Solutions from PC Magazine: The Spam Stoppers, it is suggested that Sender ID actually enables spam.

I am not following, so someone please explain it to me.

Isn’t Sender ID is an authentication mechanism? If the email does not come from who it says it is from (i.e. forged), then the email is processed in an alternative fashion (discarded, flagged, returned, etc.).

So how does that enable spammers. If they can fool sender authentication, then they probably have very sophisticated forging techiques to work with. Sender ID is not aiding and abetting - it just isn’t working.

I am not for or against Sender ID per say, I’m just sitting on the fence. When I understand how originating IP addresses are going to be efficiently validated against domain information (in a logical fashion, considering our increasingly mobile, multi-device world), then maybe I will take a stand.

But what I won’t do is poo poo the idea, just for the sake of it.