[what do the computing.net security dudes think?] http://news.bbc.co.uk/2/hi/technology/3492354.stm Row over how to junk spam Gates: Wants changes to net mail system Microsoft is proposing to stop spam by checking that messages are being sent by the person they claim to come from. The Caller-ID for e-mail idea is one of several proposals floated as a way to stem the rising tide of junk mail. The internet's engineering body has set up an emergency meeting to sift through the different proposals and draw up a network-wide solution. But some fear the competing proposals could cause confusion and spell the end of some widely-used net features. Broken net Spammers hide their location by using a false, or spoofed, address in the millions of messages they send out. Spam is the cholesterol of the internet, it is just clogging up everything Steve Raber, Ciphertrust Trusting Microsoft over security They can get away with this because mail servers only check if a domain mentioned in these spoofed addresses is known to be used by spammers. "Having e-mail come in, and not really being able to identify where it comes from, this is a huge security hole," said Bill Gates, Microsoft chairman, during a keynote speech at the RSA Security Conference where he unveiled the idea. Microsoft is proposing changes to the net's mail handling systems that will make organisations register the net addresses of their mail servers. When a message arrives, its domain will be checked to ensure that it originated where it said it did. If not it will be deleted. Microsoft said its Hotmail subsidiary will start registering its mail servers soon and it has been joined by Amazon and spam filtering firm Brightmail. Emergency meeting But many other companies are committing to the Sender Policy Framework, (SPF), which works in a similar fashion to Microsoft's Caller-ID idea. "Spam is the cholesterol of the internet," said Steve Raber, head of mail filtering firm Ciphertrust, "it is just clogging up everything." Viagra, herbal remedies and other drugs feature in spam SPF also involves checking e-mail to ensure that the address it uses is related to the net address it comes from. Almost 8,000 organisations have registered with the SPF co-ordinating body. Net portal Yahoo has proposed a different system called DomainKeys that uses encryption to prove a message's origins. The competing proposals have sparked worries at the Internet Engineering Task Force which oversees the technical development of the net. The IETF has convened a meeting that will sift through the proposals and try to work out a specification that the whole net can use. Without such intervention many fear that these spam-stopping systems could disrupt some well-known features of online life. Mail-forwarding systems that let people route e-mail through servers other than those run by their net service provider could suffer. News sites could be hit as the proposals could stop them letting readers e-mail stories to friends by clicking on a button.

I agree, something has to be done to stop spam. I have several email account, they all get spammed on a daily basis. I receieve on average about 200 pieces of spam a day. Its only getting worse each and every day... Tank863

Let them work out different proposals then let whoever look at them and arrive at a decision. Its got to be done somehow.

Sendmail MTA is already doing such origin "authentification" since several years. Microsoft engineer doesnt have to re-invent the wheel!! Most professional MTA have built-in tools to match headers information with MX or A record. Danny Larouche, CIW Inet Net+