Sender authentication will be the biggest global change to the email system in over a decade, but it will be widely adopted and make a serious dent in spam in less than a year, according to one CEO involved in the process…
Dave Anderson, CEO of Sendmail, told ComputerWire yesterday that in less than twelve months he expects a coalition of companies to announce that they will ask those sending email to them to have implemented authentication.
Asked about Bill Gate’s prediction that spam would be licked by January 2006, Mr Anderson said: I think that deadline is too long. I think that six months from now we’ll look back and say ‘Spam was really annoying, but fraud is now killing email’.
He said that he expects a group of companies to recommend in the next six months that senders should start implementing authentication specs, such as Sender ID or DomainKeys. Stronger steps will not be far behind.
Sender ID is being backed and promoted mainly by Microsoft. The company recently said that Hotmail will start giving special treatment to Sender ID or Sender Policy Framework authenticated email on October 1.
Sender ID, which incorporates many elements of SPF, involves email senders publishing the IP addresses of approved outgoing mail transfer agents in their domain name system records, where they can be authenticated by recipients.
There’s a broad consensus that at first a Sender ID authentication will be used as a factor in spam filtering decisions. Hotmail, for example, will put unauthenticated email through more filtering hoops than authenticated email.
Microsoft is currently pitching Sender ID to potential users. A spokesperson said the company will host a meeting of the Email Service Provider Coalition at Microsoft’s main Redmond campus next week. The meeting is designed to encourage support for Sender ID.
The ESPC is a send-side coalition of direct marketing firms representing about 250,000 clients. Many of these firms are frustrated by the fact that some current technologies filter on content, not taking into account the would-be recipient’s preferences.
Sender ID is set to help so-called reputation services be created, the idea being that it’s a lot easier to give an entity a reputation if you can confirm their authenticity. Reputation services could reduce, but not eliminate, the need for content-based filtering.
Microsoft is also involved in other coalitions that could prove useful in propagating the benefits of authentication. The Anti-Spam Technical Alliance, for example, comprises some of the biggest ISPs – Microsoft, AOL, Yahoo, EarthLink, BT and Comcast.
Microsoft is also a leader of the six-month-old Global Infrastructure Alliance for Internet Safety (GIAIS), which includes the ASTA members and major ISPs in Europe, North America and Asia, collectively representing 150 million customers.
Sender ID, as an IP address-based system, has certain limitations. Alternate systems bring in the element of cryptography. Sendmail’s Mr Anderson said: Once people start deploying Sender ID, they’re going to start looking at DomainKeys.
DomainKeys, backed by Yahoo!, also requires companies to add information to their DNS records, in this case a public cryptographic key. Outgoing email is signed with the sender’s private key, and recipients can authenticate against the public key.
We are recommending people are prepared to use multiple types of authentication, said Sendmail’s director of product strategy Rand Wacker. Each is going to break in unique ways, so we’re suggesting multiple types be rolled out for testing.