Caller ID for E-Mail

In his keynote address at the RSA Conference 2004 today, Microsoft Corp. (NASDAQ:MSFT) Chairman and Chief Software Architect Bill Gates announced a detailed vision and proposals on how technology can be used to help put an end to spam, including outlining the company’s Coordinated Spam Reduction Initiative (CSRI) and technical specifications for the establishment of Caller ID for E-Mail.
To be more effective in the fight against junk e-mail, filters need additional information that is not available in e-mail messages today. Microsoft believes some relatively simple but systemwide changes to the e-mail infrastructure are needed to provide greater certainty about the origin of an e-mail message and to enable legitimate senders to more clearly distinguish themselves from spammers.
Existing spam filters look at an e-mail message’s origin to determine whether it is spam. However, there is currently no guarantee that an e-mail message came from whom it says it did. “Spoofing,” or sending e-mail purporting to be from someone it’s not, is an increasingly common and relatively simple way for spammers to trick filters. In addition, this practice can pose a security risk when used to deliver e-mail viruses.
Microsoft has developed the Caller ID for E-Mail proposal to help eliminate domain spoofing and increase the effectiveness of spam filters by verifying what domain a message came from — much like how caller ID for telephones shows the phone number of the person calling. The proposal involves three steps to authenticate a sender:
1. E-mail senders, large or small, publish the Internet protocol (IP)
addresses of their outbound e-mail servers in the Domain Name System
(DNS) in a format described in the Caller ID for E-Mail specification.
2. Recipient e-mail systems examine each message to determine the
purported responsible domain (i.e., the Internet domain that purports
to have sent the message).
3. Recipient e-mail systems query the DNS for the list of outbound e-mail
server IP addresses of the purported responsible domain. They then
check whether the IP address from which the message was received is on
that list. If no match is found, the message has most likely been
Microsoft is moving ahead with plans for a pilot implementation of Caller ID for E-Mail in its Hotmail(R) service. Hotmail will begin publishing outbound IP addresses today and will begin checking inbound addresses early this summer. In addition, the company continues to work with others in the industry to test this proposal, including Inc., Brightmail Inc. and Sendmail Inc.
“ is working aggressively to combat spoofing on several fronts, and we are committed to collaborating with others in the industry to find effective solutions for the problem of spam,” said Larry Hughes Jr., senior manager for IT Security at “We look forward to working with Microsoft and others in the industry to test their proposals.”
“Most spammers disguise the source of their e-mail to evade spam filters and detection,” said Enrique Salem, CEO and president of Brightmail, a leading provider of anti-spam technology. “We are excited to join Microsoft in testing this new Caller ID for E-Mail technology to help promote the establishment of verifiable identity in e-mail. We believe that by combining verifiable identity with our Reputation Service, we will improve our best-of-breed anti- spam technology to help legitimate e-mail get delivered while helping keep spam out of users’ inboxes.”
“Authenticated sender technologies like Microsoft’s caller ID are essential to help address fraud and spam in Internet e-mail,” said Eric Allman, CTO at Sendmail. “The key to ensuring that these types of technologies are successful is widespread adoption. Sendmail’s millions of users — including more than 70 percent of the Fortune 1000 — substantially increase the deployment of such technologies. We are excited to work with Microsoft in promoting the acceptance of caller ID as an open standard on the Internet.”
More information on Microsoft’s overall anti-spam approach can be found at Detailed technical specifications for the CSRI and Caller ID for E-Mail proposals are available for public review and comment at