E-Mail: Who Goes There?

By Cameron Sturdevant  |  Posted 2004-03-08 Print this article Print

Authentication is the key to solving spam problem.

Sendmail—maker of the commercial version of the open-source sendmail—announced last month that it will support any widely supported authentication scheme in an effort to thwart the growing problem of spam and e-mail fraud. This includes Yahoos newly minted DomainKeys and Microsofts recently announced Caller ID for Email.

The authentication train is about to leave the station, and IT administrators should be buying a ticket to ride.

I think e-mail authentication is the best solution to stopping spam—at least until SMTP can be replaced with a new mail specification. That wont be for many years, at least, and its worth noting that most of the thinking about a new e-mail protocol revolves around baking in authentication.

Sendmail, Yahoo and Microsoft are among the biggest players in the e-mail industry. However, most anti-spam vendors predict that spam will grow to comprise nearly 60 to 80 percent of the total volume of e-mail by years end. Big players, meet a big problem.

The sheer scale of the spam problem and the market presence of Sendmail, Yahoo and Microsoft dictate that IT managers immediately evaluate the impact of the Sendmail announcement and begin to consider a strategic implementation of an e-mail authentication system that meets the Sendmail benchmark of "widely supported."

However, IT managers should keep their spam-filtering products in place because authentication doesnt say anything about message content, only that senders are who they say they are.

With authentication, content- and signature-based spam filters will be more capable of sorting unwanted mail from desirable mail. This will add further clarity to the e-mail communications channel. And when authentication of the sender is required before the senders message can access the recipients in-box, you can be sure the vast majority of spammers will end up looking for new work.

I have said many times in this space that technology schemes such as authentication will be much more effective than legislation such as CAN-SPAM at stopping unwanted e-mail. In fact, studies are showing that the CAN-SPAM Act, which took effect Jan. 1, has made little progress in stemming spam.

Spammers, and their wolf-in-direct-marketing-clothing counterparts, will be seriously challenged by authentication schemes because with authentication comes responsibility on the part of the e-mail sender and choice on the part of the e-mail recipient.

Fortunately, new services are available that promise to give authentication schemes real bite. For example, Brightmail, an anti-spam software maker and service provider, announced in January that it will use its global e-mail monitoring system to determine the amount of legitimate mail and spam coming from e-mail sources. The better the behavior (yes, as determined by Brightmail), the better the reputation of the sender and the better the reputation score used to grade e-mail coming into the Mail Exchanger server. As e-mail and anti-spam software products and services add "reputation features," companies and end users will get to determine the minimum score an e-mail must have to make it into in-boxes.

Even more important, authentication schemes will complement just about any anti-spam system, and that is the beauty of Sendmails proposal.

There are drawbacks to using authentication systems, including increased costs for maintaining DNS servers and for buying into authentication and trusted reputation systems. However, I think that the costs associated with sorting good e-mail from bad are going to make expenditures on authentication systems look trivial.

And users will experience an almost immeasurable increase in goodwill toward e-mail systems as they see the stream of junk cut off. With authentication, relevance and productivity will return to e-mail.

Senior Analyst Cameron Sturdevant can be reached at cameron_sturdevant@ziffdavis.com.

Cameron Sturdevant Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm . Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at cameron.sturdevant@quinstreet.com.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel