The first Inbox conference, held earlier this month in San Jose, Calif., was supposed to be about “everything e-mail” but was instead dominated by everything spam.
A highlight of the show, which was attended by about 200 e-mail vendors, experts and enterprise e-mail administrators, was the pending submission of Microsoft Corp.s Caller ID technology, the first step in the companys CSRI (Coordinated Spam Reduction Initiative) framework. Also noteworthy was the news that Meng Wong, author of the Sender Policy Framework, is expected to formally submit the domain authentication scheme to the Internet Engineering Task Force this month.
Once the combined Caller ID-Sender Policy Framework authentication mechanism is implemented in e-mail systems, MTAs (Message Transfer Agents) will be able to check with a domain to see if the IP address associated with the message is authorized to send e-mail.
This wont be a panacea for the spam plague, but it should bring some relief. eWEEK Labs urges IT managers to press the IETF for a speedy approval of the standard.
Standing-room-only Inbox sessions focused on authentication and reputation services, which use an arbitrary set of rules to determine the reputation of an e-mail sender. The popularity of these sessions shows that enterprise e-mail managers should keep an eye on authentication systems development. Managers, after all, must ensure that their message infrastructures can support the directory calls and other technologies, such as digital certificates, that new authentication and reputation systems will require.
Although the technology behind reputation systems hasnt been developed yet, some vendors at Inbox described the reputation schemes of the future. These systems will be built on the premise that the more responsibly a sender behaves, the more likely the reputation service will approve that senders e-mail.
Inbox also made it clear that the definition of spam is still in flux. Best practices suggested at sessions, including “E-mail Security and Privacy Policy Essentials,” outlined effective strategies for e-mail administrators to ensure that users know what is permitted and what is forbidden on their corporate networks. We suggest that these policies be guided by the principle that reducing spam starts by limiting the ways in which corporate e-mail addresses are used on the Internet.
Many vendors are ready to expand the definition of spam to include all unwanted e-mail. Given that current e-mail systems have difficulty sorting narrowly defined spam from “good” e-mail, we advise e-mail administrators to steer clear of products that attempt to take “unwanted” into account.
The road to a spam-scarce future
The Inbox conference provided a glimpse into a future where spam is reduced to a trickle, but that future is still some distance away. The keys to spam scarcity include:
- Authentication The ability to tie identity to an e-mail message is vital to stopping spam. Inbox attendees discussed technical challenges, including what authority would be responsible for handling all these authentication requests. It will likely be several years before the fight for authority settles on a technology that provides effective authentication.
- Reputation To get legitimate unsolicited e-mail past ever-more-vigilant anti-spam tools, senders will have to get a pass based on their ability to play by the rules. Unfortunately, presenters at the Inbox conference made clear that these rules—from accurate subject lines to requiring a real return e-mail address—are still far from finalized. The final authority that decides who is and is not playing the game correctly is also far from decided.
- Security As e-mail systems receive closer scrutiny as a possible virus vector, get ready for a lot more message scanning.
Senior Analyst Cameron Sturdevant can be reached at cameron_sturdevant@ziffdavis.com.
Be sure to add our eWEEK.com messaging and collaboration news feed to your RSS newsreader or My Yahoo page