Sender ID will not protect you from Spam
By IT-Observer Staff
Monday, 4 July 2005 18:47 EST



Microsoft corporation recently announced it will more heavily utilize its Sender ID technology when filtering email send to Hotmail. Microsoft guarantees its new technology will eliminate the number of junk emails in Hotmail services by making it difficult for spammers to forge email headers and addresses, however the truth is a bit different.

Sender ID allows organizations to publish records indicating which servers or networks are approved for sending email from their domains. The technology uses a database with mail servers’ unique numeric addresses to verify the message was actually processed by one of those mail servers.

"The biggest misunderstanding about Sender ID is that it's a general anti-spam solution," said Rich Olson, CEO of SpamButcher. "It's not, and Microsoft doesn't claim that it is. Its main purpose is to certify that an email message actually came from the claimed sender."

"Sender ID is useful for organizations with a high risk of fraud and a tightly controlled IT infrastructure," Olson said. "For many companies, limiting outgoing email to a few servers or networks isn't practical. Employees who work at home, or are 'road warriors' commonly have to send email through alternate servers. For these companies the value of Sender ID is greatly diminished."

Domain owners can configure Sender ID to allow any network address to send email for them. In this case, Sender ID does not provide an effective way to validate the sender. Out of existing domains that have implemented Sender ID, a large portion of their records don't place restrictions on what networks or servers are valid to send email from.

"Users looking for an anti-spam solution are still best served by a client-side spam filter application like SpamButcher," Olson said. "By using client-side filtering, users can easily adjust preferences, and review any filtered messages."