Congress, Yahoo! Slam Spam

The CAN SPAM bill makes it through congress and Yahoo!'s domain authentication proposal moves to rock spam's world.

The anti-spam war is gathering momentum. Hardly a week goes by without a major technology company or various arms of the government creating a new way to attack unsolicited e-mail. But the past week has seen some of the most significant efforts yet. Yahoo! has announced ambitious plans to launch an e-mail authentication system that would change the way the Internet works, and Congress has passed national CAN SPAM legislation.

The Yahoo! scheme calls for a way to "attack the spam problem where it should be attacked—at the absolute root," said Brad Garlinghouse, vice president for communication products at Yahoo!, in a PC Magazine interview. New software called "Domain Keys," which will be made freely available in 2004 to open-source developers, would authenticate the outbound domains of every e-mail message using unique embedded keys within e-mail message headers. The keys would be authenticated through comparison with public keys registered by the Internets Domain Name System (DNS).

"There is a long row of dominoes that we are staring at," Garlinghouse says, "and nobody has really pushed over that first domino. To get the right kind of cascading effect going in fighting spam, we believe pushing over the first domino is about verification of domain identity."

Domain Keys roughly resembles several similar efforts to curb spam through sender authentication. For example, Bonded Sender (, sponsored by anti-spam firm IronPort Systems, allows originators of messages to purchase a bond testifying to the integrity of mail they send. If recipients feel they have received unsolicited e-mail from the sender, they can complain to their ISPs or to IronPort, and a financial charge will be debited from the bond.

"Bonded Sender really focuses on the bulk mail providers," says Garlinghouse. "That and other efforts from interesting startups can work. We think Domain Keys can work well along with these, though. They can be symbiotic, but we dont think either Bonded Sender or the CAN SPAM legislation can be entirely effective unless the whole high-tech industry comes together to authenticate and manage all e-mail."

Congress approved the national CAN SPAM legislation last week that could take a bite out of the unsolicited e-mail flood. Among other rules, the legislation requires senders of unsolicited e-mails to include reply features so that recipients can specify that they do not want mass mailings. New rules also restrict senders of unsolicited e-mail from using misleading subject lines and disguising where e-mails were sent from. President Bush has said he intends to sign the legislation into law.


To read the full story,

click here.