Microsoft said on Tuesday it plans to offer a new standalone message transfer agent that runs on the edge of corporate networks to securely handle the flow of e-mail to and from the Internet.
Exchange Edge Services, which is slated to go into beta testing later this year and ship early next year, is a replacement for the current Simple Mail Transfer Protocol service that is part of Exchange. Microsoft made the announcement at the annual RSA Security Conference in San Francisco.
Microsoft is developing the standalone message transfer agent (MTA) to replace the current one in Exchange because that one has a dependency on Microsoft's Internet Information Server and Active Directory.
That configuration can force administrators to leave ports open on the edge of their networks, which can create security risks. The result is that few Exchange administrators use the current Microsoft MTA, opting instead for software from companies like Sendmail or a dedicated appliance offered by vendors such as IronPort.
"Edge Services will open the option to run the MTA at the edge (of the network)," says Dave Hebert, senior product planner for Edge Services at Microsoft.
But co-opting the MTA market is not Microsoft's ultimate goal. The big picture is that Edge Services will become a sort of hub for plugging in third-party security services for protecting e-mail communication. Microsoft is rewriting the MTA in C# managed code under the .Net Framework and adding an API that will support third-party plug-ins. The MTA also will fall under the common management platform Microsoft is developing under its Dynamic Systems Initiative.
Microsoft partners Brightmail, GFI Software, Network Associates, Panda Software, Sybari Software, Symantec and Trend Micro said they plan to develop products for Edge Services.
Observers say many users will be reluctant to run the MTA on the edge initially but could use it internally.
"Folks will be careful with it and maybe put it on bridgehead servers or use it for internal routing," says Matt Cain, an analyst with the Meta Group. "They will have to get comfortable with it before they put it on the edge." But Cain said the future of the MTA as sort of a security hub is headed in the right direction. "It will be good to get third-parties to write to it and get hygiene services under the Microsoft security framework."
The MTA will perform such functions as rejecting SMTP connections from specific IP addresses, verifying sender addresses, and filtering inbound mail for viruses and outbound mail for objectionable content.
Microsoft plans to eventually incorporate into the Edge Services MTA its Intelligent Message Filter, a spam filter slated for release in the next couple of months for Exchange 2003. The filter is based on Microsoft's SmartScreen technology, which learns distinguishing characteristics of legitimate e-mail messages and unsolicited junk e-mail. Those characteristics are stored in a database and used to filter mail.
Microsoft says the MTA also will feature the first implementation of the proposed Caller ID for E-Mail specification. The spec is designed to improve spam filters by verifying the original domain of a sent message. Sendmail said it would back the Caller-ID spec and develop software tools for Microsoft's program as plug-ins for its open-source and commercial MTA software. Yahoo and AOL are working on similar Caller-ID initiatives.
The announcement was one of several made by Microsoft during the RSA keynote address by Bill Gates, Microsoft's chief security architect, including:
- The inclusion of new tools in the forthcoming Whidbey version of Visual Studio and the .Net Framework designed to help developers create more secure applications, including PreFAST and FxCop, which provide static security defect detection, prevention, and mitigation capabilities.
- The unveiling of the Coordinated Spam Reduction Initiative, a long-range plan to reduce spam, and the technical specifications for Caller-ID for e-mail.
- Enhancements to Windows XP service pack 2, which is due later this year, including the new Windows Security Center, which allows users to automatically check the status of essential security functionality such as firewall, automatic update, and anti-virus.
- Active Protection Technology that can adjust computer defenses based on state changes, contain the impact and spread of worms and viruses, and prevent known attacks from compromising a PC.
- A cryptographically tamper-resistant biometric ID card that can be easily deployed using simple, low-cost hardware and regular paper.