Products and services from e-mail security company IronPort Systems will support Microsoft's Sender ID e-mail authentication standard, the company said on Thursday.

IronPort's C-Series security appliances will include Sender ID checks as one element used to generate a score used to establish the reputation of e-mail senders. The company's Bonded Sender Program, which is used by e-mail marketers, will also use Sender ID data as part of its accreditation process for e-mail senders, the company said in a statement.

The announcement comes as e-mail service providers gather on Microsoft's campus in Washington to learn about and show support for Sender ID, according to an announcement from the Email Service Provider Coalition. The group claims to represent companies that provide e-mail to more than 250,000 clients.

Sender ID is a technology standard that closes loopholes in the current system for sending and receiving e-mail that allow senders -- including spammers -- to fake, or "spoof," a message's origin. Organizations publish a list of their approved e-mail servers in the DNS (domain name system). That record, referred to as the sender policy framework (SPF) record, is then used to verify the sender of e-mail messages sent to other Internet domains using Sender ID.

Tens of thousands of Internet domains have published SPF records since the standard was introduced by Meng Weng Wong of Pobox.com. In May, Microsoft and Meng reached an agreement to merge SPF with a Microsoft-developed standard called Caller ID to form the new Sender ID standard, which Microsoft submitted to the Internet Engineering Task Force in June for approval.

Sender ID is fast becoming the de facto e-mail authentication standard, as Microsoft rallies support from e-mail providers, Internet service providers and e-mail software vendors.

In July, Microsoft said it would begin checking inbound e-mail to its hotmail.com, msn.com and microsoft.com domains for valid Sender ID information starting in October. E-mail messages that fail that check will be subject to additional scrutiny and filtering, according to Craig Spiezle, director of Microsoft's Anti-Spam Technology & Strategy Group.

America Online (AOL) will also begin using Sender ID checks on inbound e-mail in September. The results of successful Sender ID checks will be used to elevate the status of "good" e-mail, but failed checks alone will not result in messages being bounced, according to Nicholas Graham, an AOL spokesman.

"Momentum is growing. I think you're going to see a sea change, where we need to move to implementation and see what breaks and what doesn't break," Spiezle said.

In addition to IronPort executives, senior executives from Symantec, Brightmail, Cloudmark, VeriSign and others will gather at Microsoft's headquarters Thursday to hear from the software manufacturer and Meng about Sender ID, get technical advice about implementing the standard and learn about Microsoft's plans for using it with its Hotmail free e-mail service.

In a statement, IronPort said supporting Sender ID will allow it to help its customers fight spam and provide more accountability in the e-mail system.

The company plans to offer support for Sender ID in its products by October.

Other companies announcing Sender ID support for their products Thursday were:

• Cloudmark with its Cloudmark Rating for Sender ID, a free reputation system that will provide real-time reputation information that companies and Internet service providers can use to retrieve a reputation rating for an e-mail domain, based on data generated from about 330 million e-mail messages it processes daily, said Karl Jacob, chief executive officer of Cloudmark.

  In addition to retrieving a Sender ID validation from the DNS record of the sending domain, recipients will be able to query the Cloudmark service to retrieve a reputation score for the sender, the company said.

  The idea is to allow e-mail recipients to both verify the source of an e-mail message, and spot Sender ID authenticated messages, nevertheless, are sent from domains owned by spammers, Jacob said.

• E-mail marketing technology company DoubleClick said its DARTmail e-mail management system is compliant with Sender ID.

• Tumbleweed Communications will adopt Sender ID for version 6.1 of its Email Firewall product. The company already supports both the SPF and Caller ID technologies, which were combined to form Sender ID.
  Computerworld Buyer's Guide - Vendors Matched to this Article

  Unixpac , Citrix , Dimension Data , Trend Micro , SafeNet , GFI , SonicWALL , Sagem , Secure Computing , MessageLabs , CA , 3Com
  More about Symantec, MSN, Microsoft, IronPort Systems, Internet Engineering Task Force, DoubleClick, Brightmail, America Online, AOL, VeriSign, Tumbleweed Communications