Tuesday, 16 October 2007

Email Sender Reputation at all, David?

David Berlind sounds like he's sick of talking to hyperbole-fuelled anti-spam vendors. Can't say I blame him.
It is probably true that if everyone in the world ran just one solution, we’d be able to tweak that solution in such a way that we’d finally get a handle on the inbound and outbound problems associated with spam. When everyone has access to the same technology, there’s a name for that. It’s called a standard. There is zero chance of some proprietary solution becoming the defacto antispam solution for the world. But, if only AOL, Google, Microsoft, and Yahoo (the world’s leading e-mail solution/service providers) would get together and decide on what the non-proprietary standards should be and implement them in their systems, it wouldn’t be long before every other e-mail solution provider would have to follow suit (in order for their e-mails to interoperate).
Well, the thing is, in many ways, AOL, Google and Yahoo are doing what he asks (and even Microsoft is making encouraging noises).

The "standard" the industry's heading towards is "true" sender reputation (i.e., not the DNS-IP-blacklists-on-drugs that we have today). Being able to store and share opinions about the "goodness" of an individual sender and/or sender domain would be incredibly useful, but we're not there yet -- mainly because email is to easy to forge. This is where sender authentication comes in.

So the necessary precursor to sender reputaion is to get everyone using DKIM, so we have a strong method of sender authentication (not just the relatively weak-but-easy SPF/SenderID) -- this is where the big three mentioned above is right now (and as I said, Microsoft is making encouraging noises, despite its wedded bliss with SenderID).

For more, see:

2 comments:

Anonymous said...

DKIM and SPF rely on TXT records being provided by DNS.

If you're a large corporation with your own DNS servers, that's feasible.

If you're a (not-so) large organisation using your hosting provider's DNS servers, it's typical that they don't allow the ability to create TXT records.

Is it really the case that, if you want to send mail from your own domain, you have to use an external DNS provider for this to work ?

Richi Jennings said...

If your registrar doesn't allow you sufficient control over your DNS, get a new registrar. (If your Web host insists you use their DNS, get a new Web host!)

Even if they don't allow you to twiddle it with cpanel or such, they'll often set it up manually if you email the supportlings.

Post a Comment