Yahoo Offers Up DomainKeys As Antispam Standard

Internet giant Yahoo has released an e-mail encryption scheme to the Internet Engineering Task Force (IETF), seeking wide adoption of it as a way to curb the growing volume of unwanted commercial and gimmicky e-mail known as spam.

However, the submission of Yahoo’s DomainKeys antispam proposal comes in the wake of other recent proposals supported by antivirus and e-mail solutions providers, including Microsoft, with its Caller ID e-mail technology. Analysts agreed that while a single, unified standard that would actually slice into the surge of spam might emerge from the IETF, it will not be any time soon and the unwanted junk e-mail will continue to increase in the meantime.

“All three of those rely upon changes at the DNS entry level,” said Gartner’s Maurene Caplan Grey, referring to Yahoo’s DomainKeys, SPF and Microsoft’s Caller ID. “Certainly the major ISPs — Earthlink, Yahoo, MSN, AOL — they have met and it has been widely publicized that they’ve broken bread to develop something they can all agree on, but by virtue of the different providers and solutions, there’s no end in sight,” Caplan Grey told TechNewsWorld.

Proving and Protecting Identity

Yahoo claimed its DomainKeys could “bring black and white back to” the decision on whether an e-mail is legitimate or not. The company said that without sender authentication, verification and traceability, e-mail providers can never know whether a message has been forged and might block or quarantine legitimate messages by mistake.

DomainKeys allows e-mail providers to verify the domain of each e-mail sender as well as the integrity of the messages sent to ensure they have not been altered in transit. Once the domain can be verified, it can be compared to the domain used by the sender to detect forgeries and drop a message without impacting the user, Yahoo said.

Spaghetti with Spam

Caplan Grey said that the different sender verification technologies, led by SPF, are all winning adoption at the same time, setting the stage for a confusing situation.

“The likelihood is that as each of those continues to gain acceptance, it’s going to lead to more confusion because we’ll have a spaghetti network of sender verification programs,” she said.

The analyst added that it would be helpful if the IETF would release and bless a particular answer, but the group is known for being “glacially slow in releasing a single standard.”

Knowing and Trusting Sender

Caplan Grey also said the sender verification part of the antispam approach is only half of the solution because ensuring that the sender is in fact trustworthy is also necessary.

“A sender authentication standard is no good without a sender reputation initiative,” she said. “There are two parts to this. That’s the other end of the story and it’s not being told. That adds more ambiguity.”

Caplan Grey predicted the winning spam-slaying technology will be a unified sender authentication scheme combined with a sender reputation approach.

“But any way you look at it, it’s a crap shoot because you’re relying on everyone in the world to use the same systems,” she added.

CAN Spam Not Cutting It

Basex chief analyst Jonathan Spira, whose New York research firm estimates that spam costs businesses US$20 billion a year in lost productivity and other costs, said the industry assault on spam is a better strategy than the legislative approach, which has proven ineffective.

“It’s pretty apparent it’s a complete failure,” Spira told TechNewsWorld regarding the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, otherwise known as CAN-Spam.

Spira said government efforts are futile against the international issue of spam, and while industry efforts might be more effective as they evolve, the problem of spam is getting worse before it gets better.

“[A single standard] may represent the best of all approaches, but as they go through the standards-vetting process, they will evolve and things will change to ensure it’s adopted by the widest number of vendors,” Spira said.

He added that as the industry waits for the standard, “we’ll have more spam than ever.”
