Sender ID Framework Demonstrates Positive Results for E-Mail Authentication

REDMOND, Wash., March 2, 2005 — Microsoft Corp. today released initial results gathered from its implementation of the Sender ID Framework (SIDF), an e-mail authentication technology protocol that helps address the problem of domain spoofing (a tactic commonly used in spam and phishing scams) by verifying the domain name from which e-mail is sent.

Based on more than two months of deployment on the MSN® Hotmail®
Web-based e-mail service and data gathered from hundreds of thousands of customers participating in the Hotmail Feedback Loop program, Microsoft has validated that the use of SIDF to check incoming e-mail enhances spam filtering and helps better protect customers’ inboxes from spam while helping ensure that legitimate e-mail gets through.

Microsoft’s estimates indicate the following facts for all e-mail sent to MSN Hotmail customers in the Hotmail Feedback Loop program:

  • More than 750,000 domains are already publishing Sender Policy Framework (SPF) records, the method used within the Sender ID Framework for identifying a sender’s authorized outbound e-mail servers.

  • Approximately one-fifth of all e-mail sent to participants purportedly originated from a domain that has published an SPF record.

  • Domain spoofing attempts are detected in nearly a quarter of all e-mail purportedly sent from SPF-publishing domains.

As a result of the growing adoption of SIDF worldwide, Microsoft has found notable improvements in the accuracy of its SmartScreen (TM) filtering process. By using a combination of Microsoft®
SmartScreen and other technologies, MSN Hotmail is catching approximately 3.2 billion spam messages per day.

“Our implementation of the Sender ID Framework is providing clear evidence of its value to e-mail users and ISPs looking to help protect their customers from spam, legitimate e-mail senders looking for more reliable delivery of their e-mail, and corporations looking to protect their brand and domain,” said Ryan Hamlin, , general manager of the Safety Technology and Strategy Group at Microsoft. “We believe Sender ID is a valuable first step in the industry’s efforts to deliver robust authentication technologies and are pleased to see that it is already dramatically improving our ability to help protect our customers from unwanted spam and malicious e-mail scams.”

SIDF adoption momentum is quickly growing. A number of organizations in the past few months have announced their plans for SIDF support by encouraging industry adoption, publishing their own records, or offering specific products and services that support the SIDF, from e-mail applications to anti-spam appliances and services.

“We believe Sender ID is an important e-mail authentication technology to address the growing spam problem, and our members are already seeing the benefits in their own implementation,” said Trevor Hughes, executive director of the Email Service Provider Coalition. “We continue to strongly encourage e-mail senders worldwide to publish Sender ID records immediately to help promote the deliverability of their mail and to join the broader industry effort to better protect e-mail users worldwide from spam and phishing scams. This is a simple and effective step to help protect themselves, their customers and shareholders.”

“With phishing scams, identify theft and privacy abuses on the rise, Sender ID represents a first and effective step to combat these threats,” said Paul Judge, chief technology officer of CipherTrust Inc. “We are proud to be delivering IronMail e-mail security solutions with Sender ID, and any business that is concerned about the integrity and reputation of its brand and identity should immediately be publishing its SPF records.”

More information about SIDF can be found at .

Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.

Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at on Microsoft’s corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but may since have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at .

Related Posts