Images Events Jobs Premium Services Media Kit Network Map E-mail Offers Vendor Solutions Webcasts
IT Management Webcasts:
The Role of Security in IT Service Management

Preparing for an IT Audit

More Webcasts

Search EarthWeb Network

Be a Commerce Partner
GPS Devices
Promotional Products
Car Donations
Memory Upgrades
Corporate Awards
Web Design
Online Shopping
Online Education
Disney World Tickets
Imprinted Gifts
Corporate Gifts
Desktop Computers
Computer Hardware

Linked Data Planet Conference & Expo

IT Management : Columns : Executive Tech: Sender ID Declines, Domain Keys Shines

Hyper-V: The Killer Feature in Windows Server 2008
It's fair to say that while many of the other new features are evolutionary, Hyper-V, by contrast, is revolutionary. Paul Rubens explores Microsoft's big step into virtualization. »

Download the Windows Server 2008 Trial
With Windows Server 2008 you can develop, deliver, and manage rich user experiences and applications, provide a secure network infrastructure, and increase technological efficiency and value within your organization. »

Reduce Complexity and Costs with Microsoft Identity and Access Solutions
Your organization depends on making digital information accessible to a broad spectrum of users over range of devices and networks. Register now for free Identity and Access Solutions from Microsoft. »

Virtualization from the Data Center to the Desktop
Integrated virtualization solutions from Microsoft can help you meet evolving demands more effectively as you transform your IT infrastructure from a cost center to a strategic business asset. »

Related Articles
More On Where Your E-Mail Went
The Internet Ate My E-Mail
Is IT Winning Battle Against Spam?
Think Globally, Block Locally
- ITSMWatch Newsletter -
Tech Focus: Security

Cybersecurity: Laws Only Go So Far

Mozilla Firefox vs. Internet Explorer: Which is Safer?

Is Your Blog Leaking Trade Secrets?

The Las Vegas Counterfeiting Story: Is Your Privacy Worth More Than a Poker Chip?

Stopping Spammers at The Point of Sale

Product Watch
IOGEAR KVM - Includes Audio/Peripheral Sharing
Coverity Prevent / Coverity Thread Analyzer - Analyze Source Code For Defects, Security Vulnerabilities
USSD Series - SDRAM-Based Solid State Drives to 256 GB
UltraSMS - Send SMS From Your PC
Sentinel Sensors - Wi-Fi Based Temperature Monitoring Especially For Cold Storage

more products >>

Datamation Definitions
data mining
grid computing
network appliance
FREE Tech Newsletters

Download: SQL Backup & DBA Best Practices eBook. Future Proof Your DBA Career and make the most of your office hours. Get this download now to learn how.

Sender ID Declines, Domain Keys Shines
September 28, 2004
By Brian Livingston

Brian Livingston Microsoft isn't getting everything it wants these days, and this month provides yet another example. In the space of a few days, its "Sender ID" proposal to identify legitimate e-mail was voted down by an Internet standards body and rejected by the world's largest Internet service provider (ISP), America Online (AOL).

That reversal of fortune gives a backhanded boost to "Domain Keys," a competing and arguably superior proposal supported by and other Web players.

Since both protocols are billed as fighting the evils of identity theft, phishing, and spam — a cleanup that only ne'er-do-wells would oppose — it's fair to ask whether the public humiliation for Sender ID may actually have the good outcome of hastening the adoption of Domain Keys as a single, unified standard.

Much Ado About E-Mailing

I analyzed Domain Keys, Sender ID, and a third proposal, SPF, in this space on April 26, 2004. All three protocols grapple with the fact that anyone can make any e-mail message appear to be coming from any address they like. The three specs go their separate ways from there:

SPF. Sender Policy Framework is a simple principle that's been promoted for many months by Meng Wong, the CTO of the e-mail service. Owners of domain names, such as, would announce in the World Wide Web's registry a list of Internet Protocol (IP) addresses that are authorized to handle mail related to their domains. E-mail messages could not contain a "bounce" address that didn't correspond to one of the IP addresses on the list. This would prevent spammers from sending out e-mails, some of which would bounce back to whomever they picked as their victim (a harassment technique known as a "Joe job").

Sender ID. Microsoft's proposal began life as "Caller ID for E-Mail." The name was later changed to "Sender ID" when Microsoft accepted the SPF concept into its own proposal. In addition to checking that a message's "bounce" address is legit, e-mail recipients who checked for Sender ID compliance would verify that the domain name in the "from" address of each message was plausible. Recipients could reject messages that claimed to be from "" if they came from IP addresses that hadn't declared.

Domain Keys. Rather than verifying merely the "bounce" address and the "from" address, the Domain Keys proposal would also guarantee that the contents of the message hadn't been altered by anyone along the way. To accomplish this, each outgoing e-mail server would "sign" each message using a digital certificate. recipients could reject messages that didn't sync with a domain's centrally stored value in the World Wide Web registry.

The above summaries, of course, are oversimplifications of three quite technical proposals. But it's enough background to let us forge ahead on the main question: If you want e-mail to be reliable once again, and you're willing to implement a small change on your servers to help end spam, is Domain Keys the horse you should bet on?

One Small Step For a Server, A Giant Leap For Antispam

Miles Libbey, the antispam product manager for Yahoo Mail, naturally feels that Domain Keys' time has come. He ticked off several advantages Domain Keys has over both Sender ID and the original SPF proposal:

Real Authentication. "The original sender of the e-mail is authenticated," Libbey says of Domain Keys, "rather than the last server that touched the e-mail." Under the Sender ID proposal, the IP address of a sending e-mail server is checked. In the Domain Keys scheme, both the IP address of the sender and the digital signature of the sender's message must match.

Mail Forwarding Still Works. Unlike Sender ID, which Libbey says has tricky implementation issues for messages that are forwarded from one server to another, Domain Keys doesn't interfere with forwarding at all. "They don't have a good solution for forwarding," he asserts. "E-mail is a store-and-forward system," Libbey notes, and long-established practices must continue to work if any e-mail authentication spec is to gain acceptance.

It's The Reputation, Stupid. Merely checking that an e-mail comes from a known IP address won't eliminate spam or phishing. Spammers can easily buy cheap, disposable domain names (such as and send spam that really comes from that domain. Many consumers would still be fooled into revealing their passwords to phishing sites with such confusing names. Authenticating the source of e-mail messages must be combined with a reputation rating system that totes up positive scores for legitimate senders and negative ones for spammers. Yahoo has for more than two years operated such a rating service — SpamGuard — which Libbey says gives Yahoo a powerful tool to identify "good" senders and filter out "bad" senders.

Taking Hits Over The Performance Hit

One criticism that's been leveled against the Domain Keys proposal is that the digital signing of outgoing e-mail messages requires more CPU time than simply sending messages raw and unsigned, as it were. Domain Keys doesn't require the encryption of an entire message, but it does require the signing of a snapshot or "hash" of the message. This would inevitably consume some fraction of a CPU-second.

Fortunately for us, this question was thoroughly tested by Sendmail Professional Services, the company behind Sendmail, software that ranks among the world's most widely used e-mail server back ends.

In a benchmark report released last July, Sendmail's testers established that the signing of average-sized messages would reduce a server's potential e-mail handling only 7.8 to 15.2 percent. The adoption of Domain Keys could easily give back more processing power than that by merely denting the volume of spam that a company's servers have to analyze every day.

Domain Keys "will prove to be far more efficient than current methods of filtering and evaluating all messages," Sendmail said in its findings. It should be noted that Sendmail executives have, in the past, also endorsed the concept of Sender ID. Sendmail is expected to support a number of different protocols so mail administrators can implement the ones they prefer.

Who Wants To Play?

Microsoft's Sender ID proposal hasn't been dealt a death blow, but it's at least limping from the highly public Sept. 11 vote against it by a working group of the IETF (Internet Engineering Task Force) standards body. A co-chair of the group, Andrew Newton, said a patent application Microsoft has submitted regarding Sender ID was an issue. The Redmond company says it will license the intellectual property for free to anyone who pledges, among other things, not to sue Microsoft over patent claims.

Five days later, AOL let its views be known. The ISP said it wouldn't support Sender ID, partially because the current Microsoft proposal seems to have altered the nature of SPF from its original design. AOL has already posted SPF information for its own domains and says it will start rating SPF compliance as part of its spam-filtering formula, possibly as soon as the end of this year.

In response to questions about its recent political setbacks, a Microsoft spokesperson said in an e-mail that the company "is pleased to offer its necessary Sender ID patent rights on a royalty-free basis but only to those who are also willing to make their Sender ID patents available on a reciprocal royalty-free basis."

The spokesperson, who declined to be identified by name, added: "Microsoft has disclosed the existence of those pending patent claims and has provided its assurance that if such claims are granted Microsoft will make licenses available on reasonable and non-discriminatory terms."

Asked whether the company might revise its Sender ID proposal, perhaps to incorporate support for Domain Keys, the spokesperson replied: "Microsoft continues to believe complementary technologies such as signing solutions (of which Domain Keys is one) and computational proofs will be important to address other technical aspects of spam that these IP-based authentication mechanisms do not address."

An AOL spokesperson did not respond by press time to telephone calls seeking comment.


SPF temporarily represents a silver lining in the Internet cloud. Adding to your servers a small SPF-compliant text file would require very little time and might slightly improve your e-mail delivery success rate. Microsoft's own Hotmail and MSN e-mail services — as a first step toward a full-blown e-mail authentication scheme — will start giving brownie points to SPF-compliant e-mail this October or soon thereafter.

It's too early to tell whether Sender ID or Domain Keys will emerge as the winner to handle e-mail properties that SPF doesn't.

But it's not too soon to say that Domain Keys is a stronger proposal to clean up the e-mail mess than Microsoft's more limited and patent-entangled Sender ID.

Brian Livingston is the editor of and the co-author of Windows Vista Secrets and 10 other books. Send story ideas to him via his contact page. To subscribe free and receive Executive Tech via e-mail, visit our signup page.

Add to your favorites
Add to your browser search box
IE 7 | Firefox 2.0 | Firefox 1.5.x
Receive news via our XML/RSS feed

Executive Tech Archives



Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info

Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers

Whitepapers and eBooks
Microsoft Article: Will Hyper-V Make VMware This Decade's Netscape?
Microsoft Article: 7.0, Microsoft's Lucky Version?
Microsoft Article: Hyper-V--The Killer Feature in Windows Server 2008
Avaya Article: How to Feed Data into the Avaya Event Processor
Microsoft Article: Install What You Need with Windows Server 2008
HP eBook: Putting the Green into IT
Whitepaper: HP Integrated Citrix XenServer for HP ProLiant Servers
Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 1
Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 2--The Future of Concurrency
Avaya Article: Setting Up a SIP A/S Development Environment
IBM Article: How Cool Is Your Data Center?
Microsoft Article: Managing Virtual Machines with Microsoft System Center
HP eBook: Storage Networking , Part 1
Microsoft Article: Solving Data Center Complexity with Microsoft System Center Configuration Manager 2007
Intel Video: Are Multi-core Processors Here to Stay?
On-Demand Webcast: Five Virtualization Trends to Watch
HP Video: Page Cost Calculator
Intel Video: APIs for Parallel Programming
HP Webcast: Storage Is Changing Fast - Be Ready or Be Left Behind
Microsoft Silverlight Video: Creating Fading Controls with Expression Design and Expression Blend 2
Downloads and eKits
Sun Download: Solaris 8 Migration Assistant
Sybase Download: SQL Anywhere Developer Edition
Red Gate Download: SQL Backup Pro and free DBA Best Practices eBook
Red Gate Download: SQL Compare Pro 6
Iron Speed Designer Application Generator
Tutorials and Demos
How-to-Article: Preparing for Hyper-Threading Technology and Dual Core Technology
eTouch PDF: Conquering the Tyranny of E-Mail and Word Processors
IBM Article: Collaborating in the High-Performance Workplace
HP Demo: StorageWorks EVA4400
Intel Featured Algorhythm: Intel Threading Building Blocks--The Pipeline Class
Microsoft How-to Article: Get Going with Silverlight and Windows Live