Many people believe the real solutions to tackling growing spam and online fraud problems lie in more ambitious forms of message authentication. But such ambitious approaches would require, most observers agree, the participation of many arms of the high-tech community. This week, Sendmail, a global provider of open-source and commercial secure message management solutions for enterprises, announced that it is backing—and will help develop—two of the most high-profile authentication schemes around: Yahoo!s and Microsofts. Both companies are focusing on taking on spam—and other mail-security-related issues—at the domain level.
Most existing sender authentication schemes are fragmented and differ widely, producing few far-reaching standards. Sendmails endorsements of Yahoo!s and Microsofts approaches, are part of what CEO Dave Anderson says will be an ongoing effort to "to endorse all mail authentication techniques that will have widespread usage." Millions of users—including many Fortune 500 enterprises—use Sendmails technology on mail servers, so the companys alignment with Yahoo!, Microsoft and other authentication players could have a significant impact on spam and mail-based fraud.
Yahoo!s Domain Keys authentication software which will be made freely available in 2004 to developers, seeks to authenticate the outbound domains of every e-mail message using unique embedded keys within e-mail message headers. The keys would be authenticated through comparison with public keys registered by the Internets Domain Name System (DNS). The goal is to "attack the spam problem where it should be attacked—at the absolute root," said Brad Garlinghouse, vice president for communication products at Yahoo!