Language Selection

English French German Italian Portuguese Spanish

Antispam proposals advance

Filed under
Security

The Internet Engineering Steering Group (IESG), a division of the Internet Engineering Task Force (IETF), said it would publish two competing and overlapping sets of documents that define ways of confirming that e-mail senders are who they say they are.

The experimental Requests for Comment (RFCs)--Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail and Sender ID: Authenticating E-Mail--have been the subject of intense jockeying by Microsoft, America Online and others.

Critics have accused Microsoft of trying to strong-arm the industry into accepting Sender ID. Concerns over Microsoft's Sender ID-related patents have alarmed some involved in setting standards, and last year the IETF let a Sender ID working group expire.

"While many proposals for domain-based authorization have been under consideration, no consensus has yet been reached concerning a single technical approach," the IESG said in a statement. "The IESG does not endorse either of the two mechanisms documented in the experimental RFCs--their publication is intended to encourage further discussion and experimentation in order to gain experience that can be used to write future standards in this space."

Microsoft said that despite the expiration of the Sender ID working group in September, the approval of the experimental RFCs showed that its technology is alive and well in the standards-setting process.

"We think this is great," said Samantha McManus, business strategy manager for Microsoft's technology care and safety group. "We're glad to see Sender ID's experimental status, and we think e-mail authentication is very important for addressing spam and phishing. That said, we definitely have more to do."

Full Story.

More in Tux Machines

today's leftovers

Leftovers: OSS and Sharing

Security Leftovers

  • Chrome vulnerability lets attackers steal movies from streaming services
    A significant security vulnerability in Google technology that is supposed to protect videos streamed via Google Chrome has been discovered by researchers from the Ben-Gurion University of the Negev Cyber Security Research Center (CSRC) in collaboration with a security researcher from Telekom Innovation Laboratories in Berlin, Germany.
  • Large botnet of CCTV devices knock the snot out of jewelry website
    Researchers have encountered a denial-of-service botnet that's made up of more than 25,000 Internet-connected closed circuit TV devices. The researchers with Security firm Sucuri came across the malicious network while defending a small brick-and-mortar jewelry shop against a distributed denial-of-service attack. The unnamed site was choking on an assault that delivered almost 35,000 HTTP requests per second, making it unreachable to legitimate users. When Sucuri used a network addressing and routing system known as Anycast to neutralize the attack, the assailants increased the number of HTTP requests to 50,000 per second.
  • Study finds Password Misuse in Hospitals a Steaming Hot Mess
    Hospitals are pretty hygienic places – except when it comes to passwords, it seems. That’s the conclusion of a recent study by researchers at Dartmouth College, the University of Pennsylvania and USC, which found that efforts to circumvent password protections are “endemic” in healthcare environments and mostly go unnoticed by hospital IT staff. The report describes what can only be described as wholesale abandonment of security best practices at hospitals and other clinical environments – with the bad behavior being driven by necessity rather than malice.
  • Why are hackers increasingly targeting the healthcare industry?
    Cyber-attacks in the healthcare environment are on the rise, with recent research suggesting that critical healthcare systems could be vulnerable to attack. In general, the healthcare industry is proving lucrative for cybercriminals because medical data can be used in multiple ways, for example fraud or identify theft. This personal data often contains information regarding a patient’s medical history, which could be used in targeted spear-phishing attacks.
  • Making the internet more secure
  • Beyond Monocultures
  • Dodging Raindrops Escaping the Public Cloud