March 05, 2004

Microsoft's anti-spam "Caller ID"

Bill Gates announced last week an initiative called "Caller ID for E-mail", which is probably the first effective spam reduction internet protocol that stands a chance of being implemented. The proposal has been batted around for a few years now, under the general title of "DNS Reverse Mailserver [RMX] Record." It hasn't gone anywhere as it required some powerful entity to embrace and implement it, and now Microsoft has, as a critical part of an evolving spam/virus prevention system.

Currently, each Internet domain (e.g. interocitor.com) has a file posted on one of its computers, or at its ISP, identifying the IP address of its servers, so that the internet can tell where to send web requests bound to www.domain.com or email for joe@domain.com. The sum of all these files, along with the master list pointing to all these distributed lists, is called the Internet's Domain Name System.

What Microsoft proposes is to require a new record in each of these files, called an RMX record. This record will state which IP addresses are authorized to send mail FROM that domain. When mail from xxx.com comes to your ISP, bound for your inbox, your ISP would then query the RMX record for xxx.com, and see if the actual sender's IP address matches an authorized xxx.com server. A match failure would cause the message to bounce back instead of going into your mailbox. (Note that, due to the way the computers connect, if the message lies about its IP address, the connection will fail for other reasons.) Messages from domains that have no RMX record, or from domains that don't exist at all, would also be rejected.

This would prevent most address-forging, whether by spammers or by viruses, as a message from joe@smutware.co.uk that claims to be from niceperson@yahoo.com would be rejected because it came from a source other than yahoo.com's sendmail server(s). To be accepted it would have to be at some address at smutware.co.uk, and filtering that out would be a simple task. (Preventing badguy@yahoo.com from pretending to be goodguy@yahoo.com is left to Yahoo! to take care of.)
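The check described above, written out as an added example (not code from the post, Microsoft, or any RMX implementation): the receiving server takes the domain of the sender address, looks up that domain's authorized sender list, and compares it with the IP address the connecting peer actually came from. The DNS lookup is replaced by a constructed in-memory table; the table entries also accept CIDR networks, which goes slightly beyond the single addresses the post mentions.

```python
import ipaddress

# Constructed stand-in for the DNS: domain -> list of authorized sending
# addresses or networks (the "RMX record" the post describes). A real receiver
# would obtain this with a DNS query. None models a domain that exists but has
# published no RMX record; a missing key models a domain that does not exist.
RMX_TABLE = {
    "yahoo.com": ["203.0.113.10", "203.0.113.0/28"],
    "interocitor.com": ["198.51.100.25"],
    "norecord.example": None,
}


def rmx_lookup(domain):
    """Return (exists, networks).

    exists=False models a nonexistent domain; networks=None models an
    existing domain with no RMX record (both are rejected by the post's rule).
    """
    if domain not in RMX_TABLE:
        return False, None
    entries = RMX_TABLE[domain]
    if entries is None:
        return True, None
    return True, [ipaddress.ip_network(e, strict=False) for e in entries]


def check_sender(envelope_from, peer_ip):
    """Decide whether to accept a message claiming to be from envelope_from
    that arrived over a TCP connection from peer_ip.

    peer_ip is the address of the connecting peer, not anything inside the
    message, which is why it cannot simply be forged. Returns (accept, reason).
    """
    if "@" not in envelope_from:
        return False, "malformed sender address"
    domain = envelope_from.rsplit("@", 1)[1].lower()
    exists, nets = rmx_lookup(domain)
    if not exists:
        return False, f"sender domain {domain} does not exist"
    if nets is None:
        return False, f"no RMX record published for {domain}"
    ip = ipaddress.ip_address(peer_ip)
    if any(ip in net for net in nets):
        return True, f"{peer_ip} is an authorized mailserver for {domain}"
    return False, f"{peer_ip} is not an authorized mailserver for {domain}"
```

The last branch is exactly the case in the paragraph above: a message claiming niceperson@yahoo.com that arrives from an address not listed for yahoo.com is rejected, and the traveling-user problem mentioned later in the post shows up as the same rejection when the user sends from a hotel or home ISP connection.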

There are a few issues with this scheme and, up to now, these issues have prevented agreement on it. The two most notable problems are certain consumer ISPs' awful Port 25 blocking scheme, which would have to be abandoned, and accommodating traveling users, most likely through "SMTP authentication", which is supported by all mail programs but not by all ISPs. Now Microsoft is trying to force the issue.

As of now, Hotmail has posted its own RMX records for hotmail.com on its DNS servers, and sometime this summer Hotmail will reject any mail from any domain that does not also have RMX records published. It is working with Amazon.com and sendmail.com (a major mailserver software provider) to test the system. Whether Hotmail alone can force this change is still to be seen, but if a few other major players (e.g. AOL) join in, it will be a done deal. At least Microsoft is trying.

UPDATE: Technical discussions of RMX here and here
ANOTHER UPDATE: It seems that Microsoft's CID is not quite the same as RMX, but it's the same basic idea. On the other hand, it's different enough that there may be problems.

Posted by Kevin Murphy at March 5, 2004 03:03 PM
Comments

So wait, if your mail server/ISP doesn't host an RMX record then hotmail and some of the other bigger players will just bounce it back?
Essentially lopping off domains who don't fall into lockstep with MS?
Man, why do I get a sense that Gates is going to find some way to make a buck off this?

Posted by: Zygote at March 5, 2004 05:26 PM

If it kills mail forgery, he can have another billion or 6 for all I care. Note however, that he is working with Paul Vixie (who wrote UNIX sendmail) on this.

Adding an RMX record identifying your outgoing mailserver is a moment's work for most independent ISPs. One line of text. And they'll all do it since it will eliminate about half their email load.

It will also prevent the current large ISP practice of cutting off their own users from those users' externally hosted domains. Google "Port 25 blocking".

Posted by: Kevin Murphy at March 5, 2004 05:36 PM

My mistake. Paul Vixie is the author of BIND (the DNS system program), not Sendmail, which he is, however, an authority on. Eric Allman wrote sendmail, and his company is the one working with Microsoft. Vixie also runs the Real-time Black Hole anti-spam service.

Posted by: Kevin Murphy at March 5, 2004 06:09 PM