Can Yahoo Actually Do

By Larry Seltzer  |  Posted 2004-01-12 Print this article Print

It?"> If this proposal is ever to get off the ground, the next step, after feedback to Yahoo, will be a standards process with a proposed standard from Yahoo. Since every mail server on the Internet will have to implement Domain Keys if it wants to send mail, for all practical purposes there will need to be monetarily free and open-source implementations available. If it looks promising, at some point early in that process— because the spam problem is so urgent—some people will want to implement it even if the standards process is incomplete.

There are plenty of mail servers in the world running on a lot of different platforms. A few of them are more important than others, such as Sendmail, QMail, Exchange and Notes. The free implementations of Domain Keys will have to cover a very large percentage of mail servers in use.

So what would be the critical mass of servers needed to implement the technology before it could be considered dominant, or implemented enough that one could say that its unreasonable for people not to implement it? How do we quantify this critical mass? The answer would have to be framed in terms of e-mail users who use the servers in question. Yahoo, AOL and Microsoft joined in an alliance against spam last year. If all three members of the coalition were to endorse one technology and promise to implement it, that move would represent a huge percentage of Internet mail. It would be hard for other vendors and services to ignore such an initiative. At some point, governments and large corporations would also adopt such a technology and require others who want to communicate with them to implement it too.

If I sound enthusiastic, Im really more skeptical than that. Remember, this is a proposal to require all mail server operators to change their software. Its a proposal to change the most widely-used protocols on the Internet. Something of this magnitude isnt done unless its really, really necessary. And (this is important) you absolutely have to get it right the first time. As Yahoo points out, this is why theyre asking for feedback on their proposal.

There are other potential problems with domain keys: The system would increase the processing load on every mail server by adding digital signing to the process, and I assume it would also increase the amount of DNS traffic a fair amount as recipient servers look up the public keys of the senders.

Authentication also means a step away from anonymity for users on the Internet. This doesnt bother me so much, but it does bother a lot of other people. Its possible, certainly with a system like Domain Keys, for a domain to keep its users anonymous even if the fact that mail is coming from it is not hidden. If you feel that mail from that domain is not trustworthy you can block it.

Domain Keys is a fascinating idea most because, in its attempt not to overreach, it demonstrates how formidable a challenge it is to make a technical solution to spam within the existing Internet infrastructure. Even Domain Keys requires changes so widespread that fundamental that its easy to envision a rocky transition period at a minimum. Spam is a tumor, rapidly growing into the body of Internet email and choking the life out of it. Surgery like Domain Keys can be painful and unpleasant and its not always successful, but perhaps well really try it before email actually dies.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. Be sure to check out eWEEK.coms Security Center at for the latest security news, views and analysis.

More from Larry Seltzer

Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel