SM-Bot
8 Dec 2003, 7:54pm
In a pre-announcement, Yahoo has said it plans to do something serious about spam next year. According to Reuters the new initiative, named 'Domain Keys' will involve automatic cryptographic signatures on mail. The signature will then identify which Internet domain the mail is from.
This line of attack on spam seems rather more promising than the law-based line, which doesn't seem to be going the right way, even assuming you could identify who the lawbreakers were. And though many of us may feel like kneecapping the spammers, that approach suffers from the same problem, plus the problem of legality.
Though Yahoo is not ready to lay out the details yet, it says it will provide free specifications and code -- always a good way to get your proposal adopted on the Net -- some time next year. In the mean time it is dropping hints. It's the Internet protocol version of vapourware: software announced far in advance of its introduction, with the aim of slowing sales of rival products.
In this case the alternatives being "nipped in the bud" are proposals like SPF, sponsored by Yahoo Mail rivals pobox.com. Other people working on the problem of identifying the source of mail include the IRTF (Internet Research Task Force). Clearly Yahoo doesn't feel these net.bigwigs are getting there fast enough and want to shortcircuit the process by announcing the imminent announcement of its own pet scheme.
The main difference between SPF and Yahoo's "Domain Keys" is that Yahoo uses cryptographic signatures, rather than the IP (numeric) address of the sender, to determine the source of a mail. This means the receiving system has to first download the entire mail in order to check the signature. In the case of SPF you can reject the mail immediately, since the originating IP address is revealed, caller-ID style, the moment someone contacts your system with a message. There's also a certain processing overhead inherent in the Yahoo idea, since there will be huge numbers of signatures to check - good news for purveyors of 64 bit CPUs everywhere.
Read more
Read even more
This line of attack on spam seems rather more promising than the law-based line, which doesn't seem to be going the right way, even assuming you could identify who the lawbreakers were. And though many of us may feel like kneecapping the spammers, that approach suffers from the same problem, plus the problem of legality.
Though Yahoo is not ready to lay out the details yet, it says it will provide free specifications and code -- always a good way to get your proposal adopted on the Net -- some time next year. In the mean time it is dropping hints. It's the Internet protocol version of vapourware: software announced far in advance of its introduction, with the aim of slowing sales of rival products.
In this case the alternatives being "nipped in the bud" are proposals like SPF, sponsored by Yahoo Mail rivals pobox.com. Other people working on the problem of identifying the source of mail include the IRTF (Internet Research Task Force). Clearly Yahoo doesn't feel these net.bigwigs are getting there fast enough and want to shortcircuit the process by announcing the imminent announcement of its own pet scheme.
The main difference between SPF and Yahoo's "Domain Keys" is that Yahoo uses cryptographic signatures, rather than the IP (numeric) address of the sender, to determine the source of a mail. This means the receiving system has to first download the entire mail in order to check the signature. In the case of SPF you can reject the mail immediately, since the originating IP address is revealed, caller-ID style, the moment someone contacts your system with a message. There's also a certain processing overhead inherent in the Yahoo idea, since there will be huge numbers of signatures to check - good news for purveyors of 64 bit CPUs everywhere.
Read more
Read even more