Eradicating Spam and Phishing Requires an Industry-wide Approach

Leading e-mail infrastructure and services providers share the same challenges with spam, phishing, and identity theft. Part of the spam and phishing solution must involve coordinated industry efforts on many levels. Microsoft is working with key stakeholders such as America Online, Amazon, Bell Canada, British Telecom, Cisco, Comcast, eBay, Sendmail, Symantec, and Yahoo! to help drive technical collaboration and to develop effective industry guidelines and best practices to address these problems. The list below represents some of the key collaborative efforts.

Industry Working Groups and Alliances
Microsoft works closely with various industry organizations and trade associations to share information and coordinate efforts toward common goals.

Anti-Phishing Working Group
The Anti-Phishing Working Group is a global industry and law enforcement association focused on the elimination of fraud and identity thefts that result from phishing and e-mail spoofing. At Microsoft, we work with the group to help develop best practices and education on phishing, to create threat models and conduct forensics, to maintain a phishing data repository, to identify problems and evaluate solutions, and to partner with law enforcement authorities and legislators.

For more information, visit the Anti-Phishing Working Group Web site.

Antispam Technical Alliance
The Antispam Technical Alliance was formed in 2003 by Microsoft, America Online, British Telecom, Comcast, EarthLink, and Yahoo! to promote technical and nontechnical solutions for handling spam. Taking the position that eradicating spam requires a collective, industry-wide approach that includes sharing information and coordinating efforts, the alliance worked together to release these technical recommendations and best practices for the industry to help secure the e-mail infrastructure and bring increased accountability to e-mail.

For more information, download the Antispam Technical Alliance Technology and Policy Proposal.”
Founded in 2005, provides the e-mail industry with the latest information to facilitate the deployment and implementation of e-mail authentication standards and solutions. Supported by over three dozen companies, the organization publishes best practices for e-mail marketers, ISPs, and corporate e-mail administrators and hosts events and webcasts, including the e-mail authentication event. For more information, visit the Web site.

Email Service Provider Coalition
The E-mail Service Provider Coalition was formed to fight spam while protecting the delivery of legitimate e-mail. Coalition members recognize the need for strong spam solutions that ensure the delivery of legitimate e-mail and have been active in the war against spam, including supporting the Sender ID E-mail Authentication Framework. The coalition is currently working on spam and deliverability solutions through legislative advocacy, technological development, and industry standards.

For more information, visit the E-mail Service Provider Coalition Web site.

Global Infrastructure Alliance for Internet Safety (GIAIS)
GIAIS is a working group designed to drive a more secure Internet environment for consumers by working with leading service providers from around the world to help keep their 150 million customers more secure on the Internet. GIAIS covers 80 percent of the world's consumer Internet subscribers. Members include British Telecom, Cox Communications, EarthLink, Korea Telecom, MSN, Planet Internet, Shaw Communications, TeliaSonera, Wanadoo, and Xtra (Telecom New Zealand). The proactive program is a collaborative effort to help reduce the impact of viruses and worms.

For more information, visit the Microsoft GIAIS page.

Open Group Messaging Forum
The Open Group Messaging Forum is an international technology consortium and leading association for the e-business and messaging industries. Its mission is to improve the effectiveness of electronic messaging. Comprised of customers, suppliers, and consultants, the forum's diverse membership focuses on providing interoperable solutions for business leaders through education, fulfilling customer-driven requirements, promoting and endorsing standards-based solutions, and influencing public policy. Microsoft participates in the forum in an effort to establish industry-wide best practices, e-mail authentication, and customer solutions.

For more information, visit the Open Group Messaging Forum Web site.

TRUSTe is an independent, non-profit organization enabling trust based on privacy for personal information on the Internet. The organization certifies and monitors Web site privacy and e-mail policies and practices, and resolves thousands of consumer privacy problems each year. Microsoft works closely with TRUSTe to improve Internet safety and privacy with a shared commitment to e-mail authentication.

For more information, visit the TRUSTe Web site.

Reputation Services
Reputation services play a critical role in e-mail authentication and identity verification. Microsoft works closely with several companies that provide such reputation services.

Bonded Sender Program
Microsoft worked with IronPort Systems and TRUSTe as they established the Bonded Sender Program, the leading third-party e-mail certification program today for legitimate e-mail senders. The program, powered by IronPort and certified by TRUSTe, identifies legitimate senders of e-mail based on their adherence to program standards and the posting of a financial bond. By joining the program, senders improve deliverability rates. Internet service providers benefit by avoiding the risk of inadvertently deleting e-mail their users want and by reducing the costs of managing an allow list of senders. MSN and MSN Hotmail support the Bonded Sender Program.

For more information, visit the Bonded Sender Program Web site.

Habeas is an e-mail trust authority that certifies, safelists, and monitors the practices of legitimate e-mail senders so that their e-mail delivery rates are enhanced at MSN/Hotmail and other major ISPs. Habeas e-mail reputation services enable our ISPs and antispam partners to efficiently manage their inbound e-mail flow.

For more information, visit the Habeas Web site.

Return Path
Return Path is an e-mail performance management company dedicated to improving the reach, delivery performance, and overall success of permission-based e-mail programs. Solutions include list maintenance, deliverability, data acquisition, online sampling, and e-mail strategy. Return Path provides its customers with a competitive advantage by showing them how to maximize their e-mail performance and increase revenue.

For more information, visit the ReturnPath Web site.

Microsoft Phishing Filter Data Providers
At the end of 2005, Microsoft announced agreements with three new data providers to regularly provide information to Microsoft on thousands of confirmed phishing Web sites in an effort to help enhance the protection offered by the new Microsoft Phishing Filter technology available for the MSN Search Toolbar and included in the upcoming release of Internet Explorer 7 for Microsoft Windows Vista and Microsoft Windows XP SP2.

Cyota is the leading provider of anti-fraud, online banking authentication, and anti-phishing services for financial institutions. Cyota systems are in use by thousands of global financial institutions, including eight of the world’s top 12 banks. Over 430 million account holders are protected by Cyota’s systems.

For more information, visit the Cyota Web site.

Internet Identity
Internet Identity is a leader in the area of Internet presence control, enabling financial services firms and e-commerce companies to protect their customers against online fraud. Combining innovative technology with an extensive network of provider relationships, Internet Identity delivers highly effective fraud Web site deactivation and domain name control services.

For more information, visit the Internet Identity Web site.

MarkMonitor is the global leader in establishing and protecting corporate identities on the Internet, with a focus on making the Internet safe for business and consumers worldwide. MarkMonitor provides integrated, end-to-end corporate identity creation and protection solutions—including global domain registration and trademark reconciliation, Internet brand protection, phishing/fraud detection and response, and online channel monitoring.

For more information, visit the MarkMonitor Web site.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.