Your E-Mail Is Getting a Reputation

By Larry Seltzer  |  Posted 2005-06-03 Print this article Print

Opinion: I hereby declare that DomainKeys has won the SMTP authentication battle. But the war against mail abuse isn't over, and the next stage isn't well-understood.

Its taken so long for e-mail authentication to get to this point that you might assume the whole idea had failed and been forgotten. Not true. The really important work has gone on, out of the spotlight. Yahoo and Ciscos announcement that they will merge their similar public key cryptography-based specs for authentication is a good example. Yahoo hasnt blabbed about it, but DomainKeys has gained a lot of momentum since its formal announcement late last year. DomainKeys support is available for most, if not all, the major mail servers, and further significant announcements will come in the next few days.

And Microsoft has not sat still with its Sender ID spec, even if the license was widely rejected. (You can assume that the licenses for DomainKeys and the new DomainKeys Identified Mail will not include the poison pills in Microsofts, and will be acceptable to open-source developers.) Microsoft has continued with promised Sender ID development for its own Hotmail and has also added support for Habeas e-mail certification.

All through the contentious and ultimately failed e-mail authentication standards proceedings last year there was an undercurrent of opinion that DomainKeys was the better solution, but an assumption that practical deployment of it was further out than for the alternatives, principally Sender ID. In fact, there were a variety of alternatives discussed in technical circles, but all these months later none of them has any real traction aside from SPF, and no serious people view SPF as a real solution to the problems of e-mail. Even the father of SPF, Meng Weng Wong, founder of, worked with Microsoft on Sender ID because SPF didnt address the full range of problems it needed to.

So with a small amount of hesitation I hereby declare DomainKeys—and, by extension, DomainKeys Identified Mail—the winner in the SMTP authentication battle. (I bet you didnt know I had the authority to do that.) But will they win the battle and lose the anti-spam war?

There is still the problem of Sender ID and alternative implementations, and its necessary in the long term for one standard to be dominant. If more than one authentication standard is supported by major players in the world of e-mail and you want your e-mail to authenticate properly, you have to support both standards both inbound and outbound. This could get interesting if the two specs are DomainKeys Identified Mail and Sender ID, since both add a chunk of data in the DNS, and well hear some administrator whining about it all.

But DomainKeys, at least, can clearly work in the real world. Yahoo has been using it on its own servers and claims that it has been "receiving more than 350 million messages signed by DomainKeys per day," so someone else is using it.

Next page: Reputation is the key.

Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel