Microsoft today released the results of a study of its Sender ID email authentication program, showing that the framework is increasing in adoption and blocking millions of messages to Windows Live Hotmail accounts.
The Redmond, Wash.-based software vendor said it has seen a three-fold increase in adoption, accelerating to 8 million domains world-wide since the Sender ID Framework for email authentication was made freely available last year.
The study judged the effectiveness of the framework and was conducted over the last two years.
Sender ID enabled domains have detected up to 20 million forged messages daily, according to the study. Depending on the brand, between 40% and 98% of the email sent to Windows Live Hotmail users is actually spoofed and fraudulent.
Microsoft developed Sender ID with several other security vendors. It is freely available under the company'sOpen Specification Promise (OSP) program.
The framework verifies an email message by looking up the address of the sending server and checks the address against a list of authorized mail servers that the domain owner has published. Microsoft executives agree that the framework is not perfect. If a domain is wrongly black-listed it is very difficult for a domain owner to get back on the authorized list.
Some open source groups have also refused to support the Microsoft-co-authored Sender ID specification. Despite their refusal, analysts say Sender ID's successful adoption is due to the fact that most medium to large businesses are using IBM or Microsoft products.
Microsoft also said that its study found that Windows Live Hotmail accounts had less spam despite an increase in spam globally. Marketing email is also less likely to be marked as spam in Hotmail accounts, the software vendor said.
"The business value of Sender ID is now providing tangible benefits," Ryan Hamlin, general manager of the Technology Care and Safety Group at Microsoft said in a statement. "Widespread adoption of the Sender ID Framework, continued collaboration with industry, businesses and governments, and a commitment to user education are all promising steps towards protecting the inbox."