Yahoo, Sendmail to test antispam system
The companies are developing an authentication system to reduce the common spam practice of spoofing, and they plan to test it by March.
 | ||||
| | | ||
| Get Up to Speed on... Enterprise security  Get the latest headlines and company-specific news in our expanded GUTS section. | | ||
| ||||
| ||||
The two Silicon Valley companies announced support of DomainKeys, a proposed system for verifying the identity of an e-mail sender and reducing e-mail forgeries. Yahoo--which runs a Web-based e-mail service used by more than 39 million people in the United States, according to Nielsen/NetRatings--plans to develop and test the system by March. Sendmail's open-source technology, which routes the bulk of corporate e-mail to and from the Internet, will be integral to the experiment.
"In working with Sendmail, and other industry leaders, we are able to develop a powerful authentication solution to solve the spoofing problem and lay the foundation for future antispam advances," Brad Garlinghouse, Yahoo's vice president of communication products, said in a statement.
In a separate announcement, Sendmail said Tuesday that it will back Microsoft's system for identifying the origin of e-mail, an initiative called "caller ID for e-mail" that aims to cut down on fraud. Sendmail will develop software tools for Microsoft's program as plug-ins for its open-source and commercial software.
For its part, AOL is experimenting with its own authentication system. In January, the online unit of media giant Time Warner
Yahoo, Microsoft, AOL and others are trying to soften a growing headache for Web surfers and corporations. More than 50 percent of e-mail sent today is unwanted junk e-mail, and the spam volume costs mail providers millions of dollars in hijacked bandwidth, storage and defense measures.
Key to thwarting spammers is developing methods to verify that people are who they say they are. E-mail spoofing is one of the toughest problems for Internet service providers and antispam companies to crack, largely because Simple Mail Transfer Protocol (SMTP)--the method for sending e-mail--offers no widespread means to detect and authenticate a sender's identity. Junk mailers typically cover their tracks by hacking into unprotected e-mail servers or open relays, or by falsifying names and e-mail addresses in the mail sender field.
DomainKeys is a proposed system that attaches encrypted "keys" or tags to every e-mail sent--with one key held in a public database and another key, which is private, linked to the message. Once the message is delivered, the receiver could match up the private key to the public key held in the open database to verify the sender's identity. But if the public key cannot corroborate the signature, the message would be subject to the receiver's spam policy.
Following their tests, Yahoo and Sendmail plan to develop an open-source package for wider adoption in the industry. Late last year, Yahoo said that it was developing DomainKeys for its mail system and Tuesday's announcement builds on that initiative.