現在地 HOME > 掲示板 > IT5 > 104.html ★阿修羅♪ |
|
Tweet |
http://biztech.nikkeibp.co.jp/wcs/leaf/CID/onair/biztech/gen/292502
米Microsoftは、スパム撲滅に向けた新たな取り組みについて米国時間2月24日に明らかにした。Microsoft社会長兼チーフ・ソフトウエア・アーキテクトのBill Gates氏がサンフランシスコで開催中の「RSA Conference 2004」で基調講演を行い、同社の構想「Coordinated Spam Reduction Initiative(CSRI)」と、電子メールに関する新たな技術仕様「Caller ID for E-Mail」について説明したもの。
Gates氏は、「当社に寄せられるクレームの中で最も多いのがスパムだ。Caller ID for E-MailとCSRIによって、スパム業者の存続を可能にしている経済モデルを覆したい」と述べた。
CSRIは、業界全体を視野に入れた長期的な構想で、次の3つを主要な柱とする。
1.電子メールの送信元を認証できるCaller ID for E-Mail仕様の策定
2.商用電子メールを大量に送信する大企業を対象とした、電子メール送信に関するポリシーの確立
3.商用電子メールを限定的に送信する小企業が、スパム業者でないことを証明できるシステムの確立
スパムを効率的に取り締まるには、フィルタリングの際により詳しい情報が必要だという。同社は、この新たな情報を電子メールに付加するために、電子メール・インフラ全体に若干の変更を加えることを提案している。
既存のスパム・フィルタは、電子メールの発信元情報をみて、スパム・メールかどうかを判断しているが、スプーフィング(なりすまし)によってフィルタをくぐり抜けるスパム業者が多いのが現状である。
そこでMicrosoft社は、電話のコーラーIDに類似した技術の導入を提案している。電子メールの送信者は、Caller ID for E-Mail仕様に基づいて、電子メールを送信するサーバーのIPアドレスをDNSに公開する。そして受信する側のシステムは、各メールを送信したサーバーのIPアドレスをDNSに照会し、そのIPアドレスが実際に存在するかを確認するという仕組みである。
Microsoft社は、Caller ID for E-Mailを同社のメール・サービス「Hotmail」で試験的に実装する。送信するメールのIPアドレスを同日より公開し、受信するメールのチェックは今夏より開始する予定である。
Bill Gates Outlines Technology Vision to Help Stop Spam
http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/02-24-2004/0002115874&EDATE=
MICROSOFT LOGO
Microsoft company logo. (PRNewsFoto)[AG]
REDMOND, WA USA 09/09/2003
Microsoft Outlines Policy and Technical Proposals Aimed at Helping Contain The Spam Problem, Including the Development of Caller ID for E-Mail
SAN FRANCISCO, Feb. 24 /PRNewswire-FirstCall/ -- In his keynote address at the RSA Conference 2004 today, Microsoft Corp. (Nasdaq: MSFT) Chairman and Chief Software Architect Bill Gates announced a detailed vision and proposals on how technology can be used to help put an end to spam, including outlining the company's Coordinated Spam Reduction Initiative (CSRI) and technical specifications for the establishment of Caller ID for E-Mail.
(Photo: NewsCom: http://www.newscom.com/cgi-bin/prnh/20000822/MSFTLOGO )
"Spam is our e-mail customers' No. 1 complaint today, and Microsoft is innovating on many different fronts to eradicate it," Gates said. "We believe that Caller ID for E-Mail and the Coordinated Spam Reduction Initiative will help change the economic model for sending spam and put spammers out of business."
To be more effective in the fight against junk e-mail, filters need additional information that is not available in e-mail messages today. Microsoft believes some relatively simple but systemwide changes to the e-mail infrastructure are needed to provide greater certainty about the origin of an e-mail message and to enable legitimate senders to more clearly distinguish themselves from spammers.
CSRI is Microsoft's long-range industry plan for dramatically reducing spam through technology. It is based on three proposals to better enable effective filtering:
-- Establish a verifiable identity in e-mail through a caller-ID approach
-- Enable high-volume e-mail senders to demonstrate their compliance with reasonable e-mail policies
-- Create viable alternatives for smaller-scale e-mail senders to distinguish themselves from spammers
Caller ID for E-Mail
Existing spam filters look at an e-mail message's origin to determine whether it is spam. However, there is currently no guarantee that an e-mail message came from whom it says it did. "Spoofing," or sending e-mail purporting to be from someone it's not, is an increasingly common and relatively simple way for spammers to trick filters. In addition, this practice can pose a security risk when used to deliver e-mail viruses.
Microsoft has developed the Caller ID for E-Mail proposal to help eliminate domain spoofing and increase the effectiveness of spam filters by verifying what domain a message came from -- much like how caller ID for telephones shows the phone number of the person calling. The proposal involves three steps to authenticate a sender:
1. E-mail senders, large or small, publish the Internet protocol (IP) addresses of their outbound e-mail servers in the Domain Name System (DNS) in a format described in the Caller ID for E-Mail specification.
2. Recipient e-mail systems examine each message to determine the purported responsible domain (i.e., the Internet domain that purports to have sent the message).
3. Recipient e-mail systems query the DNS for the list of outbound e-mail server IP addresses of the purported responsible domain. They then check whether the IP address from which the message was received is on that list. If no match is found, the message has most likely been spoofed.
Microsoft is moving ahead with plans for a pilot implementation of Caller ID for E-Mail in its Hotmail(R) service. Hotmail will begin publishing outbound IP addresses today and will begin checking inbound addresses early this summer. In addition, the company continues to work with others in the industry to test this proposal, including Amazon.com Inc., Brightmail Inc. and Sendmail Inc.
"Amazon.com is working aggressively to combat spoofing on several fronts, and we are committed to collaborating with others in the industry to find effective solutions for the problem of spam," said Larry Hughes Jr., senior manager for IT Security at Amazon.com. "We look forward to working with Microsoft and others in the industry to test their proposals."
"Most spammers disguise the source of their e-mail to evade spam filters and detection," said Enrique Salem, CEO and president of Brightmail, a leading provider of anti-spam technology. "We are excited to join Microsoft in testing this new Caller ID for E-Mail technology to help promote the establishment of verifiable identity in e-mail. We believe that by combining verifiable identity with our Reputation Service, we will improve our best-of-breed anti-spam technology to help legitimate e-mail get delivered while helping keep spam out of users' inboxes."
"Authenticated sender technologies like Microsoft's caller ID are essential to help address fraud and spam in Internet e-mail," said Eric Allman, CTO at Sendmail. "The key to ensuring that these types of technologies are successful is widespread adoption. Sendmail's millions of users -- including more than 70 percent of the Fortune 1000 -- substantially increase the deployment of such technologies. We are excited to work with Microsoft in promoting the acceptance of caller ID as an open standard on the Internet."
Best Practices for Legitimate High-Volume Senders
Not all commercial e-mail is junk. Many regulated businesses including banks, brokerage firms and insurance companies rely on e-mail to contact their customers and provide information about their services. Other organizations such as airlines, news media and a variety of online retail services send legitimate e-mail to their customers. However, today there is no easy way for these businesses to distinguish themselves from spammers.
As outlined in its CSRI proposal, Microsoft supports the development of reasonable behavior policies for sending commercial e-mail, similar to the policies of behavior that organizations such as TRUSTe (http://www.truste.org/) and others have helped establish in the area of electronic privacy. Microsoft believes that once agreed-upon policies have been developed, independent e-mail trust authorities (IETAs) should be established to certify and monitor high-volume e-mail senders for compliance with such policies.
It is also Microsoft's view that organizations certified by an IETA as complying with good e-mail behavior policies should be easily recognizable by both filtering software and end users via safe lists or digital certificates. Spam filters can interpret possession of a certificate or membership on a safe list as strong evidence that the sender of the message is not a spammer, thus enabling the technology to better distinguish legitimate e-mail from spam.
Alternatives for Smaller Senders
Small organizations need an alternate and inexpensive method to avoid having their e-mail classified as spam, since e-mail policy compliance would necessarily be costly. To address this issue, Microsoft proposes that noncertified organizations pay in computer cycles instead of cash.
Spammers send millions of messages every day to be profitable because response rates are so low, so their computers spend only a small fraction of a second processing each message. In a spammer's economic model, spending even five or 10 seconds per message could be prohibitively expensive. Smaller organizations, however, that send low volumes of e-mail generally have an abundance of computer processing power available. Although they can't afford to spend cash for a certificate, they can afford to spend a few seconds on each message.
Microsoft has developed a way for noncertified senders to prove that they have indeed spent a few seconds of computer processing time on each message. Spam filters can then recognize that a sender is not a spammer because the sender has demonstrated behavior that would put a spammer out of business.
Ongoing Commitment
Microsoft continues to invest heavily in anti-spam research and development and to look at innovative ways that technology can contribute to helping solve the spam problem for users worldwide. On a broader scale, Microsoft believes it will take a coordinated approach that includes advanced technology, industry self-regulation, consumer education, effective legislation and targeted enforcement against illegal spammers to solve the spam problem. The company remains committed to working with customers, partners, industry, government and law-enforcement agencies around the world to help put an end to spam.
More information on Microsoft's overall anti-spam approach can be found at http://www.microsoft.com/presspass/events/antispam/ . Detailed technical specifications for the CSRI and Caller ID for E-Mail proposals are available for public review and comment at http://www.microsoft.com/spam/ .
Founded in 1975, Microsoft is the worldwide leader in software, services and Internet technologies for personal and business computing. The company offers a wide range of products and services designed to empower people through great software -- any time, any place and on any device.
NOTE: Microsoft and Hotmail are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
SOURCE Microsoft Corp.
Web Site: http://www.microsoft.com
Photo Notes: NewsCom:
http://www.newscom.com/cgi-bin/prnh/20000822/MSFTLOGO AP Archive:
http://photoarchive.ap.org PRN Photo Desk,
photodesk@prnewswire.com