Microsoft Offers Anti-Spam Capabilities to Distinguish Legitimate E-Mail

REDMOND, Wash., and SAN BRUNO, Calif., May 5, 2004 — Microsoft Corp. and IronPort Systems Inc. today announced initial success with the Bonded Sender Program, IronPort’s legitimate e-mail sender program to reduce the deluge of unwanted e-mail sent to Microsoft®
customers. For the past five months, Microsoft has worked with IronPort Systems’s Bonded Sender Program ( http://www.bondedsender.com/ ) legitimate e-mail sender program on its MSN® and MSN Hotmail®
platforms. The Bonded Sender program, powered by IronPort and certified by TRUSTe, identifies legitimate senders of e-mail based on their adherence to program standards and the posting of a financial bond.

Programs such as safe lists reputation, rating and e-mail accreditation have emerged to help prevent good e-mail from accidentally being blocked by filters. Such programs reinforce the importance of allowing legitimate marketers to communicate with their customers and help ensure that customers can correspond with institutions and organizations such as banks, political groups and retailers. These approaches are the inverse of the early e-mail-blocking lists and avoid many of the pitfalls associated with those lists. Microsoft continues to evaluate a variety of programs for potential implementation on its MSN and Hotmail platforms.

“Because spam is our e-mail customers’ No. 1 complaint today, our technology arsenal must include a process that works in tandem with our filters to differentiate good e-mail from junk e-mail,” said Ryan Hamlin, general manager of the Anti-Spam Technology and Strategy Group at Microsoft. “Bonded Sender is an example of a program that effectively raises the bar on conduct for good e-mail senders, while simultaneously helping recipients such as Microsoft identify important messages that consumers have requested.”

Sender identity and reputation are the cornerstones of the next generation of e-mail systems. The root cause of today’s e-mail headaches stems from the anonymity of today’s e-mail protocol SMTP. Next-generation e-mail infrastructure will use sender identity and reputation to dynamically implement e-mail policy. The system is similar to a credit rating service: The more suspicious a sender appears to be, the more restricted the access to the receiver’s network. Bonded Sender is a critical part of IronPort’s sender reputation service; it allows legitimate e-mail sources to easily identify themselves so they don’t get caught in increasingly aggressive spam filters.

With certification systems, e-mail recipient networks determine an e-mail message’s status using a process similar to that of a conventional domain name system (DNS) query. The receiving e-mail gateway sends a simple query to the program to identify the Internet Protocol (IP) addresses of program participants, one part of an e-mail message that is nearly impossible to forge.

For example, Bonded Sender provides Internet service providers (ISPs), enterprises and other recipient networks with the IP addresses of Bonded Sender participants. Recipients can use this information to validate sources of inbound e-mail and reduce false positives (legitimate e-mail mistakenly filtered).

“The Bonded Sender Program allows legitimate senders of e-mail to identify themselves and avoid delivery problems,” said Scott Weiss, CEO of IronPort Systems. “We are pleased to have Hotmail and MSN join our community of over 28,000 organizations that are using sender identity and reputation as the ultimate weapon in the battle against spam.”

For the Bonded Sender program, certification, third-party oversight and dispute resolution services are provided by TRUSTe, the online privacy leader known for its Web site certification program. TRUSTe monitors sender complaint rates and audits compliance with program standards. To qualify for Bonded Sender status, participants must meet a strict set of best practices for sending commercial e-mail that exceeds standards set forth in the federal Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM) and must demonstrate a history of good sending behavior derived from recipient feedback. Once certified, senders post a financial bond and undergo TRUSTe monitoring of compliance with program standards and complaint rates. To make certain that only legitimate e-mail is sent through Bonded Sender, a sender’s bond is debited when end-user complaints exceed a certain threshold.

“So far we have been successful in applying rigorous standards and meaningful complaint rates to identify legitimate senders,” said Fran Maier, executive director of TRUSTe. “The process is working: Some senders are not able to get into the program, some are being debited due to excessive complaint rates, and all are being watched carefully — benefiting consumer inboxes.”

Microsoft continues to invest heavily in anti-spam research and development and to look at innovative ways that technology can contribute to helping solve the spam problem. Microsoft believes that solving the problem will require a coordinated approach including advanced technology, industry self-regulation, consumer education, effective legislation and targeted enforcement against illegal spammers. The company remains committed to working with customers, partners, industry, government and law enforcement around the world to help put an end to spam. More information on Microsoft’s overall anti-spam approach can be found at http://www.microsoft.com/presspass/newsroom/security/safety/ or http://www.microsoft.com/spam/ .

About IronPort Systems

IronPort Systems is the leading e-mail infrastructure products and services provider for organizations ranging from the largest Internet service providers to Global 2000 corporations to small and medium enterprises. The company has developed a family of products called Messaging Gateway (TM) appliances that offer breakthrough performance, unprecedented ease of use and reduced total cost of ownership. Additionally, IronPort Information Services, Bonded Sender ( http://www.bondedsender.com/ ) and SenderBase ( http://www.senderbase.com/ ) help guarantee the delivery of legitimate e-mail and thwart the voluminous threat of unsolicited commercial e-mail (UCE), or spam. Together these services form the core of SMTPi, IronPort’s initiative to make e-mail more reliable and secure by extending SMTP to include e-mail sender identity and reputation. For more information on IronPort products and services, visit http://www.ironport.com/ .

About TRUSTe

TRUSTe is the leading online privacy brand. Founded in 1997, TRUSTe maintains the largest privacy seal program with over 1,300 Web sites certified throughout the world including AOL, Microsoft, IBM, Nationwide and the New York Times. Its seal programs are considered Safe Harbors for the Children’s Online Privacy Protection Act (COPPA) and the EU Safe Harbor Framework. As an independent, nonprofit organization, TRUSTe is dedicated to enabling individuals and organizations to establish trusting

relationships based on respect for personal identity and information in the evolving networked world. TRUSTe’s mission extends standards, certification and oversight into wireless and into e-mail with the Bonded Sender program. For more information on TRUSTe please visit www.truste.org/ .

About Microsoft

Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.

Microsoft, MSN and Hotmail are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/presspass/ on Microsoft’s corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but may since have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/presspass/contactpr.asp .

Related Posts