Microsoft Will Submit 'Caller ID' To The IETF 42
An anonymous reader submits "According to a recent mailing list post by Harry Katz who is the Program Manager of Exchange at Microsoft, they plan to submit MSFT's "Caller ID" proposal to the IETF: 'I want to inform members of the MARID working group that Microsoft will
shortly be submitting the Caller ID for E-mail specification to the IETF
as an Informational RFC. We request that the Caller ID specification be
considered an input document to the working group's deliberations.'"
Obligatory note... (Score:2, Informative)
Re:Obligatory note... (Score:3, Informative)
b) "Caller-ID" is copyrighted, and will almost certainly not be used as a final name.
c) True. However, the working group will not be choosing one approach from whole clo
Re:Obligatory note... (Score:2)
As for the cost of certificates, it really depends on what you are doing. If you are an enterprise of any real size or an ISP you are already spending hundreds of $ per month talking your way off various blocklists, and
Re:Obligatory note... (Score:4, Interesting)
I may just be paranoid of the MS grab it all attitude, but I don't like the implications of this. Is this normal wording for such a license that involves Patented works in RFCs?
Re:Obligatory note... (Score:2)
If you distribute, license or sell a Licensed Implementation
Does this section mean that everyone who implements this must notify Microsoft that they are using it?
Only if you distribute, license, or sell it.
If you're "not licensed to distribute a Licensed Implementation", then does each end user have to check in with MS?
Since you're not licensed to distribute an implementation, you'd not supposed to have "end users" at al
As an RFC? (Score:4, Funny)
(Oooh. Bad punning and Microsoft bashing in the same post...)
Please come up with something .. (Score:5, Funny)
Because all I need to be happy in this world is to fulfil my one last dream in life.
I won't go into it, but lets just say it involves a blowtorch, a pair of pliers and a tied up spammer.
Hope it won't be as bad as Caller ID (Score:5, Insightful)
"Out of the Area", "Private", or the state of origin. "Oh boy, someone in California is calling, that only narrows it down to 40 Million people..."
Doubt this will be different, just a few extra bytes added to every E-Mail, clogging up the networks worse than before.
Re:Hope it won't be as bad as Caller ID (Score:3, Funny)
Re:Hope it won't be as bad as Caller ID (Score:2)
I had 1 call since Sept 2004, and the TPS is actively pursuing my complaint regarding that call, seeing as it was a criminal offence to make it.
The also handle SMS spam complaints too, now that that is illegal also.
What is an Informational RFC (Score:5, Informative)
No blatant typos and grammer can't completely suck
Can't break the internet
Must show adherance to RFC 2026
Yup - that is about it, so they get an informational RFC out of it. Who cares if no one in the world implements it. I would be worried if they were getting a standards track RFC that implies that people actually had to agree that it was the right thing to do.
Re:What is an Informational RFC (Score:3, Insightful)
Oh, the irony!
Won't work (Score:4, Insightful)
If this scheme were magically globally implemented today it would reduce email spam by 50% at most, and for a few weeks at best. I see zero reason to believe that one month from now the spam rate would be even 1% less than it was yesterday, especially considering this years virus fun so far. Nor will it reduce the CAN-SPAM oxymoron of "legitmate spam", eg attempts to sell the political candidates.
With no reason to believe this RFC will accomplish even its purported intent no one sane will waste time and money to implement it. Expect the few morons who do to block more legit mail than spam.
My nerves... (Score:1)
That's from the callerid_license.pdf document on their Technical Specification page...
True, it continues with:
Re:My nerves... (Score:1)
Man, what a hack.... (Score:5, Interesting)
"Long e-mail policy documents. Larger organizations with more complex e-mail topologies may need longer e-mail policy documents. If your organization has a large e-mail policy document, please refer to the Caller-ID specification for information on how to split it up."
This is stupid -- DNS shouldn't have to be twisted into knots to get this to work. These solutions seem to be the lazy way of getting things done: "Distribution of trust is too hard. But we already trust DNS, so let's just mess with DNS until it does what we want it to."
How about a new version of smtp that signs emails using a trusted certificate (yes, I recognize that it's pretty unlikely that I'm the first to suggest this)? If browsers come with lists of trusted root certs, why can't SMTP daemons? Current SMTP servers can ignore the signature, and subsequent SMTP servers could use it as a cue to bypass spam filters (or skip directly to a "domain is known bad?" decision point).
While MS is mucking with stuff, why don't they have Windows automagically generate a cert for someone's identity when a new user is created, and then include email signatures by default in Outlook/OE? Outlook and OE seem to handle S/MIME just about as well as Mozilla/TBird do.
(Cue boilerplate "your solution to the problem of Spam sucks because of..." here).
Re:Man, what a hack.... (Score:2)
If you generate your own certificates, then there isn't much point in having the system, right smartass? Or do you think spammers would have a problem with generating a new certificate for every batch of spam?
Re:Man, what a hack.... (Score:2, Informative)
Verisign Class 1 Digital ID: $14.95 per year. [verisign.com] I'm sure with some shopping around you can find a better deal.
Or there's the "web of trust" model.
Re:Man, what a hack.... (Score:2)
I think we are more likely to see the $350 SSL type certs from Verisign.
Re:Man, what a hack.... (Score:2)
Certificates do not cost much. I can understand individuals being hesitant to drop $15 or so per annum per domain, but for many businesses across the world (I'm going to guess they're among the largest consumers in email traffic) this is well worth the cost.
Re:Man, what a hack.... (Score:2)
I'm sure that spammers are using these products for their mass emailing instead of custom applications to obscure header information.
The reduction of spam (solution is too optimistic) will likely come from a multiple solution app
Re:Man, what a hack.... (Score:2)
Are you serious? I kinda doubt it. I'm almost positive that there are custom spammer apps (some probably do web spidering too). I don't think they use them solely for obscuring header info. Anyways, that's not the point. I'm not suggesting that spammers couldn't mimic S/MIME, because they absolutely could. But assuming message-signing became so prevalent that it was
Re:Man, what a hack.... (Score:2)
Re:Man, what a hack.... (Score:2)
What's so special about "CallerID" anyway? (Score:3, Interesting)
From the MS website:
Given that email headers indicate the IP address of the originating email server, and the 'from address' indicated the alleged originating domain, isn't this already possible by means of a simple DNS lookup?Or is that CallerID really is under the hood and MS is trying to 'license' it to folks?
(Amd with all the money MS has, can't they hire tech writers who know not to end a sentence with a preposition???)
Caller ID a broken system (Score:2)
I find it phenomenally frusterating that the single company best positioned to provide the only real long-term fix -- a worldwide PKI/trust network via Outlook and Exchange -- is bound and determined to stick with another short-term hack.
Worse, this is a short-term hack that produces pain-in-the-ass side effects that will be with us for decades.
Re:Caller ID a broken system (Score:5, Insightful)
Re:Caller ID a broken system (Score:1)
Thawte has free personal certificates, and an interesting "Web of Trust" idea for e-mail certificates.
Re:Caller ID a broken system (Score:2)
Re:Caller ID a broken system (Score:2)
There's no need to do so.
The fees on certs for, say, web servers are justified by reason of verifying a RL ID/key mapping. There's no need for this in simply ensuring the trustworthiness of a key owner not being a spammer.
I mean, sure, it's possible to have commercial signers (among others). If Verisign wants to endorse your ID not being that of a spammer and charge $50 to do so, that's fine. But even in such a scenerio, I wouldn't expect signers to
Re:Caller ID a broken system (Score:1)
Re:Caller ID a broken system (Score:2)
Eliminate spam: Use GPG (Score:4, Insightful)
encrypted with my public key.
If GPG shipped with every email app out of the box,
there would be no spam. It's free, it's here now.
I will not read your unencrypted email.
Re:Eliminate spam: Use GPG (Score:2, Insightful)
Re:Eliminate spam: Use GPG (Score:2)
lusers, if the nerds get their butts in gear and
make using GPG transparent and default.
Re:Eliminate spam: Use GPG (Score:2)
X.
Easy to solve (Score:2)
Every now and then I get an email telling me I sent someone a virus, but those are always being returned from the "russian women" mailing list I was on a year ago. Since every person I contact gets their own "from address" at my domain, I never see third party spam. Either folks like ebay