Tuesday, 16 October 2007

Email Sender Reputation at all, David?

David Berlind sounds like he's sick of talking to hyperbole-fuelled anti-spam vendors. Can't say I blame him.
It is probably true that if everyone in the world ran just one solution, we’d be able to tweak that solution in such a way that we’d finally get a handle on the inbound and outbound problems associated with spam. When everyone has access to the same technology, there’s a name for that. It’s called a standard. There is zero chance of some proprietary solution becoming the defacto antispam solution for the world. But, if only AOL, Google, Microsoft, and Yahoo (the world’s leading e-mail solution/service providers) would get together and decide on what the non-proprietary standards should be and implement them in their systems, it wouldn’t be long before every other e-mail solution provider would have to follow suit (in order for their e-mails to interoperate).
Well, the thing is, in many ways, AOL, Google and Yahoo are doing what he asks (and even Microsoft is making encouraging noises).

The "standard" the industry's heading towards is "true" sender reputation (i.e., not the DNS-IP-blacklists-on-drugs that we have today). Being able to store and share opinions about the "goodness" of an individual sender and/or sender domain would be incredibly useful, but we're not there yet -- mainly because email is to easy to forge. This is where sender authentication comes in.

So the necessary precursor to sender reputaion is to get everyone using DKIM, so we have a strong method of sender authentication (not just the relatively weak-but-easy SPF/SenderID) -- this is where the big three mentioned above is right now (and as I said, Microsoft is making encouraging noises, despite its wedded bliss with SenderID).

For more, see: