Loser : Microsoft

“Still, though Microsoft’s goals are good, it’s implementation needs work.” This was Philip E. Ross’s main point in his article “Loser: Microsoft to Spammers: Go Phish.”

In the article, Ross discussed the two spam e-mail countermeasures developed separately by Microsoft and the partnership of Cisco and Yahoo. Although he admitted that the systems developed – Sender ID by Microsoft and Domain Keys Identified Mail (DKIM) by Cisco/Yahoo – had their own advantages, he also confesses to believing that DKIM is the better anti-spam proposal. He goes as far as writing, “For our purposes, that makes Microsoft Corp. the loser.”

After discussing the difference between Microsoft’s and Cisco/Yahoo’s designs – a Sender ID verifies that an e-mail really came from where it claims to have come from by comparing the message’s Internet Protocol address from the IP address of its claimed origin; while DKIM tacks an encrypted digital signature to the e-mail’s header and this signature contains instructions on where to find the algorithm – Ross reveals the one great loophole to Microsoft’s Sender ID. It is not able to differentiate between spam and forwarded e-mail. And Ross says this can make or break Microsoft’s anti-spam system. As Ross says, the only way to get around Sender ID’s glitch is to cut and paste a message you plan to forward. But this, Ross explains, makes sharing harder; thus, possibly resulting to lesser people e-mailing.

Although Ross presents Cisco’s Jim Fenton’s claim that DKIM also has its own fault in that it is more easily confused by e-mail changes while in transit, he still has another negative comment on Microsoft. He mentions critics’ speculations that Microsoft may have other things in mind with the control of spam e-mails – speculations that may have stemmed from the company’s tight grip on Sender ID’s intellectual property.

Yet even with this presentation of arguments against Microsoft’s Sender ID, Ross still believes that the Redmond, Washington computer giant is serious about eliminating spam and that they have what it takes to come up with the standard in spam countermeasures. For now though, Microsoft’s intentions are not enough and they have yet to work towards polishing their processes.

Philip Ross made a well-informed article with “Loser: Microsoft to Spammers: Go Phish”. He was able to provide evidences to all his claims and was able to back-up his assumptions. But even with a fair presentation of both sides to Microsoft’s Sender ID, Ross still had the tendency to settle more on the negative side of the system. This was especially apparent when he brandished Microsoft as the “loser”, when a less negative term could have sufficed.

Ross’s points, though a little biased, were admittedly insightful. His mention of Microsoft’s attempt at secreting their anti-spam technology’s intellectual property does make one wonder why such a secrecy. I do hope that assumptions on the possibility of this technology being exploited will turn out to be not true – because true to Ross’ words, nobody wants to be strong-armed.

However, even I have to agree with Ross’s suggestion that perhaps Cisco and Yahoo can add Microsoft to their team and all three can work towards a stronger anti-spam system. Since the fight against spamming is not about one company’s supremacy over another but about making e-mail more reliable for all users, Cisco, Yahoo, and Microsoft must try to work together for the benefit of millions of e-mail users. And it was good that even Fenton and Microsoft’s Harry Katz concur that this is a good idea.

Philip Ross may have his own biases regarding Microsoft’s Sender ID and it was slightly apparent in the article. But his proposal for making the current situation better is indeed something that current industry bigwigs should look at.

Reference

Ross, Philip E. (2007). Loser: Microsoft to Spammers: Go Phish. In Spectrum Online. Retrieved September 28, 2007, from http://www.spectrum.iee