"Spam is our e-mail customers' No 1 complaint today, and Microsoft is innovating on many different fronts to eradicate it," Microsoft Chairman Bill Gates said in his keynote speech at the 2004 RSA Conference in February. "We believe that Caller ID for E-Mail and the Coordinated Spam Reduction Initiative will help change the economic model for sending spam and put spammers out of business."
CSRI, said Microsoft, would seek to create more effective filtering and a key part of this would be the Caller ID for E-Mail proposal. This was designed to help eliminate domain spoofing – where the origin of a message is disguised by forging the sender addresses in the e-mail using someone else's domain name - and increase the effectiveness of spam filters by verifying what domain a message came from.
Authentication of a domain would involve three steps:
E-mail senders, large or small, publish the Internet Protocol (IP) addresses of their outbound e-mail servers in the Domain Name System (DNS) in a format described in the Caller ID for E-Mail specification.
Recipient e-mail systems examine each message to determine the purported responsible domain (i.e. the internet domain that purports to have sent the message).
Recipient e-mail systems query the DNS for the list of outbound e-mail server IP addresses of the purported responsible domain. They then check whether the IP address from which the message was received is on that list. If no match is found, the message has most likely been spoofed.
The Caller ID specification has now been put forward to the Internet Engineering Task Force as part of a proposed worldwide internet standard called Sender ID, which is designed to tackle spoofing.
Amazon.com, Brightmail and Sendmail committed to supporting the venture from the start, and yesterday VeriSign, the .com registry, announced that it would work to integrate the Sender ID Framework specifications into VeriSign's E-mail Security Service.
However, on the same day that news broke of the Microsoft initiative, F Scott Deaver, of small software company FailSafe Designs, published an angry statement on his company web site.
This claimed that he holds copyrights in concept of "Caller ID for E-mail", that he filed a trade mark application for "Caller ID for E-mail" on 6th March 2003, and that he has owned the "CallerIDforEmail.com" domain name since September 2002.
In addition, said Deaver, provisional and utility patent applications were filed in support of the methods and implementation behind Caller ID for E-mail in January 2003 and January 2004, and alpha and 14 beta versions of the software have been published on site for almost two years.
"Despite all of this," said the statement, "on February 24, 2004 Bill Gates and Microsoft with careless disregard and full intent and knowledge announced their theft of the Caller ID for E-mail product name and attendant intellectual property as the centre piece of their hasty and ill-advised anti-SPAM campaign."
Deaver added, "we are aggressively pursuing the legal remedies available to us."
Microsoft has yet to comment.