Yahoo has developed a system which, it claims will go a long way toward curbing spam, but the technology's success is dependent on its widespread industry adoption beyond the borders of Yahoo's e-mail servers.
The aim is to stop the spammers' practice of spoofing, or changing an e-mail message's header information so it appears to have been sent by someone else.
Yahoo's DomainKeys is designed to let receiving e-mail systems confirm that a message in fact originated from a user authorised to send e-mail for the domain stated in the header. DomainKeys uses public cryptography technology to accomplish this validation. The outgoing message is digitally "signed" with a private key while the receiving e-mail system uses a public key to validate the signature.
"This is a clever and secure implementation," said Brad Garlinghouse, Yahoo's vice president of communications products. "This system is the right answer for the industry."
Policies can be implemented in mail servers at the receiving end to deal with messages that fail the validation test. Because the approach is based on the internet's domain name system, DomainKeys is said to provide domain-level credibility. The control over generation and management of keys rests with the domain's owner, letting them control who has authority to send e-mail using their domain.
A legitimate organisation not using DomainKeys will be unable to embed the private-key validation in its outgoing messages, leading these messages to fail the validation test at recipient systems that do use DomainKeys. "To be truly effective, DomainKeys needs widespread adoption," Garlinghouse admitted.
"They'll have to convince a lot of people to co-operate with them," said IDC analyst Jonathan Gaw. "It's going to take a lot of effort on Yahoo's part to get everybody on board."
To promote DomainKeys' wide adoption, Yahoo will license its source code royalty-free. This open-source approach is also a message to partners and competitors in the industry that DomainKeys will not generate additional money for Yahoo nor give the company a technological advantage as the creator of the system. "The proposal isn't about creating value for someone in particular," said Yahoo's Garlinghouse.
Yahoo will implement DomainKeys in its e-mail systems at some point next year. It has already approached antispam organisations and individual e-mail suppliers to present DomainKeys, and has claimed to have had positive feedback.
Juan Carlos Perez writes for IDG News Service