Every time I write about spam, every anti-spam solution provider -- and there are more than 200 of them now -- comes out of the woodwork to tell me why their product is the one we've all been looking for. As a matter of habit, I ask them to call me back when their focus turns to creating an anti-spam standard through which all e-mail servers can interoperate at the message transfer agent (MTA) level--a standard that's freely deployable, even by the vendor's competitors. Only then, I have maintained, will we take a step in the right direction and can I consider endorsing the approach.
Well, then is now. Finally.
My hat's off to Yahoo for its DomainKeys and Microsoft for its CallerID. As far as I can tell, Yahoo and Microsoft each have put the interests of Internet e-mail users ahead of their own by not only inventing techniques that could lay the necessary foundation for ending spam, but by making those techniques freely available in a way that allows their competitors to use them . Microsoft and Yahoo are two of only three companies with sufficient presence in the Internet's e-mail system to create or endorse interoperable anti-spam technologies. The third company -- thus comprising the unofficial controlling consortium of Internet e-mail known as AMY -- is America Online, which is testing the independently developed Sender Policy Framework (SPF).
Each of these specifications promises to establish, with a much greater degree of confidence than was ever available before, that e-mails are truly from the source they claim to come from. Should a standard emerge for authenticating an e-mail's source, it would raise a significant barrier to spoofing, a technique spammers often use to falsify their identities. Should all MTAs be enabled with an interoperable technology that establishes an e-mail sender's authenticity, the way would be paved for ISPs and e-mail servers not only to reject mail that's virtually assured of coming from spammers, but to make additional filtering decisions based on what else is known about authenticated senders (e.g.: their reputation). Each of the specifications employs different techniques to accomplish this objective, but all three rely on the Internet's DNS for the retrieval and/or storage of the information necessary to complete the authentication process.
Since December 2003, all that was known for sure about Yahoo's technology was that it was called DomainKeys, that it involved the use of public and private keys, that the company SendMail was testing an implementation of the specification with its MTA, and that the technology bore some resemblance to parts of a sender authentication technology known as the Trusted E-Mail Open Standard (TEOS) from the ePrivacyGroup - enough of resemblance that the ePrivacyGroup issued a press release applauding the move, but subtly reminding the world that it held intellectual property (IP) in the area.
Then, earlier this week, just prior to an Internet Engineering Task Force(IETF)-organized meeting of MTA Authorization Records In DNS (MARID)--a group dedicated to the DNS-related fundamentals behind DomainKeys, SPF, and CallerID--Yahoo submitted its DomainKeys specification to the IETF as a Request for Comment (RFC). Although the collective power of AMY is probably enough to turn any mutually agreed upon anti-spam technology into a de facto Internet standard, the IETF is regarded as the official standards-setting organization for most of the Internet's standard protocols; submitting an RFC, as Yahoo has done, is the first step that a specification must take before it can be considered for ratification as an IETF-endorsed Internet standard.
In addition to submitting an RFC to the IETF for DomainKeys, Yahoo also published its licensing terms for the technology. Whereas the IETF prefers that RFCs be available on a royalty-free (RF) basis, it is less restrictive when it comes to where in the range of RF license types a particular RFC falls. Though RF licensing terms are critical to the mass adoption and penetration of a standard, RF licenses may involve a range of other encumbrances that could accelerate or hasten penetration and adoption.
In offering a royalty-free and very minimally encumbered license, Yahoo is the first member of AMY to set its obligations as a key influential Netizen ahead of any business ambitions that could be connected with its anti-spam intellectual property.
"We definitely thought that a standard needed to be royalty-free with as few restrictions as possible," said Miles Libby, anti-spam product manager for Yahoo Mail. "Anyone can implement DomainKeys as long as they promise not to sue us or other users of it. As soon as they sue, they lose their license. We really hope that DomainKeys becomes an Internet standard and we want to make sure everybody has the right to use it."
Additionally, those licensing terms will not be contested by TEOS-IP holder ePrivacyGroup. According to ePrivacyGroup's Vincent Schiavone, "We will work hard with Yahoo or anybody else to resolve any conflicts that might arise in order to make sure that any [relevant] items contained in TEOS can be contributed to the public domain on a royalty-free basis."
Play video
There are currently no comments for this post.