Yahoo Proposes E-Mail ID System
The technology, known as DomainKeys, would be available to both domain owners and receivers. Domain owners would create a public and private key. E-mail sent from the domain would have a digital signature in the header containing the private key. Receivers would match up the private key with a public key registered with the Internet's Domain Name System.
In this way, Internet service providers using the system could establish the sender's identity. Currently, a sender can claim it is from, say, eBay without really being from the online auction giant.
The system would let ISPs implement policies to block senders if they fail to establish their identity. Yahoo said it planned to adopt DomainKeys next year.
E-mail marketers reacted with cautious optimism to the Yahoo proposal while stressing the need for details before determining whether the system would benefit legitimate senders.
"We really haven't seen the nuts and bolts of their proposal," said Trevor Hughes, executive director of the Network Advertising Initiative's E-mail Service Provider Coalition. "It appears to be a very clear move toward secure identity within e-mail."
Yahoo said it would release a white paper detailing how DomainKeys works in the near future.
Yahoo said it would make DomainKeys freely available for other ISPs, including Microsoft and AOL. A Microsoft representative declined comment on the proposal. AOL spokesman Nicholas Graham said DomainKeys "should be taken seriously and deserves consideration."
"One of the big downsides is that they haven't gotten a groundswell of support," said Pat Peterson, general manager of information services at IronPort, a San Bruno, CA, e-mail infrastructure provider.
Still, despite its origin as a Yahoo technology, DomainKeys could act as a "tipping point" for implementation of an Internet-wide identification system for e-mail senders, he said.
"This has the potential to move downstream to lots of different players," Peterson said.
Yahoo said DomainKeys has a good chance to gain widespread adoption because it would drastically decrease the spoofed e-mail clogging e-mail systems and would require little cost to set up.
Yahoo has joined Microsoft and AOL in an alliance to hash out a common industry strategy to fight spam. The three ISPs are expected to release an outline shortly of what steps should be taken, while leaving it to the individual ISP to implement a specific solution. Yahoo has proposed DomainKeys to the alliance for industry-wide adoption.
E-mail marketers see establishing their identity and reputation as key steps to getting their e-mail through ISPs' stringent filters. Last week, AOL implemented an enhanced whitelist that frees good-performing senders' mail from some anti-spam measures.
Hughes said a key would be whether Yahoo's system is interoperable with other authentication systems sure to arise.
"If we end up with a balkanized solution set, where Yahoo accepts some standards and Microsoft others, that's going to make the situation much more difficult," he said.
The E-mail Service Provider Coalition has proposed an overhaul of e-mail architecture based on a plan called Project Lumos. The plan calls for a federated system of authentication mechanisms that would let e-mail senders establish their identity in one place and have it recognized everywhere.
Peterson and Hughes think identity needs to be coupled with a mechanism to establish a sender's credibility, such as a rating system that establishes a sender's reputation. IronPort has partnered with Project Lumos to provide reputation through its Bonded Sender Program, which debits a sender whose e-mail reaches a complaint threshold. IronPort bought anti-spam blacklist SpamCop on Nov. 24 to assist in establishing sender reputation in Bonded Sender.
"Identity is just part of the puzzle," Peterson said.