New technology for identifying the sender of e-mail messages has not been widely adopted despite backing from software giant Microsoft Corp. and may not be effective at stopping unsolicited commercial e-mail, otherwise known as spam, according to a survey by e-mail security company CipherTrust Inc. . . .
A check of approximately two million e-mail messages sent to CipherTrust customers between May and July showed that only about 5 percent of all incoming messages came from domains that published a valid sender authentication record using Sender Policy Framework (SPF) or a newer standard, backed by Microsoft, called Sender ID. Within that 5 percent, slightly more is spam than legitimate e-mail, said Paul Judge, chief technology officer at the Atlanta company.

Sender ID is a technology standard that closes loopholes in the current system for sending and receiving e-mail that allow senders -- including spammers -- to fake, or "spoof," a message's origin. Organizations publish a list of their approved e-mail servers in the DNS (domain name system). That record, referred to as the sender policy framework (SPF) record, is then used to verify the sender of e-mail messages sent to other Internet domains using Sender ID.

The link for this article located at Paul Roberts, IDG News Service is no longer available.