The war against spam has turned into an arms race of sorts, with AOL, Microsoft Corp., Yahoo! and Earthlink each favoring similar but distinct e-mail authentication technologies.
Each company has lined up behind one of three anti-spam mechanisms: Caller ID, DomainKeys and Sender Policy Framework (SPF).
While the proposals are touted as highly effective and may hold significant promise for dramatically reducing spam, some observers worry they may be part of a longer-term plan to change the economics of e-mail and the control of Internet access.
Microsoft Corp. Chairman and Chief Software Architect Bill Gates in February outlined his companyâs long-term strategy for addressing spam, including a proposal for so-called "Caller ID for E-Mail." Intended to foil spammers spoofing the "From" addresses of legitimate marketers, Caller ID for E-Mail verifies the domain from which a message is sent.
"Spam is our e-mail customersâ No. 1 complaint today, and Microsoft is innovating on many different fronts to eradicate it," Gates said in a statement. "We believe that Caller ID for E-Mail and the Coordinated Spam Reduction Initiative will help change the economic model for sending spam and put spammers out of business." The Coordinated Spam Reduction Initiative is Microsoftâs umbrella name for its overall anti-spam strategy, which includes Caller ID.
Microsoft Caller ID endorsed
Brightmail, an anti-spam technologist, and Sendmail, a provider of secure enterprise e-mail systems, have both endorsed Microsoftâs Caller ID. Brightmail will partner with Microsoft to test the program in conjunction with its own Reputation Service, which measures the senderâs reputation for sending legitimate e-mail versus spam. Sendmail plans to develop software tools for Microsoftâs program as plug-ins, the company said.
Separately, Sendmail and Yahoo! announced they will begin testing Yahoo!âs DomainKeys this month. Another authentication solution, DomainKeys is based on cryptography that generates a unique signature to verify an e-mail senderâs identity. It is considered more complex than Caller ID or Sender Policy Framework, the third authentication protocol that has surfaced.
AOL in January said that it would begin testing SPF. Last week, Earthlink joined the fray, announcing it would begin testing both Caller ID and SPF.
Many in the e-mail industry are excited by the authentication schemes and their promised effectiveness against spam.
"I think SPF and Caller ID will do more over time to curtail spam than any other spam prevention technology that has come before them," said Bill Nussey, CEO of e-mail marketing company Silverpop. "Theyâre incredibly simple to implement, so theyâll get wide adoption quickly, and itâs going to be effective because if a sender is willing to authenticate themself, then the spam gateways [ISPs] have an easy process to go through." Nussey said that the most egregious spammers cannot use authentication technology; if they do, they will be identifiable.
Authentication is the element that sets it apart from other anti-spam technologies, such as those that filter content, examine header information or compare sender addresses against so-called blacklists and whitelists.
"Before they even worry about whatâs in each message, they stop people from sending," said Sara Radicati, principal at Palo Alto, Calif.-based Radicati Group, a technology market researcher.
Observers note that because DomainKeys is more complex than Caller ID or SPF, it will be harder to implement and may take longer to gain traction. "Caller ID wants to have domain addresses tied to IP addresses," said Ken Schneider, chief technology officer at Brightmail. DomainKeys, he said, "puts a further step on top," by signing outbound messages with a digital signature that can be matched with a public signature at the domain and mail server level.
Another year or two
Most agree it will take another year or two for the technologies to be adopted. "Solving the identity issue is a very complex problem," said a Yahoo! spokeswoman. "Just like it takes a multifaceted approach to solving spam, it will take multiple solutions to solving the identity issue."
While some observers feel multiple approaches will co-exist, others believe only one or two will remain standing. "I think weâll come back to one or two standards," said Kevin Johnson, senior VP-products and marketing at Digital Impact, San Mateo, Calif.
Johnson is working with his peers in the E-Mail Service Providers Coalition, an industry group of e-mail marketing companies, to test all three over the next several months "to come to an agreement on what we should be using as an industry."
E-mailer Internet Security Systems, Atlanta, is cautiously optimistic about authentication technology. "I think ultimately itâs a good thing for us from a marketing perspective," said Karyn Mullins, director of Internet and business solutions. "Our customers will be confident e-mail from us is really from us."
She cautioned the anti-spam technology landscape is still significantly fragmented. She also indicated implementation would be a challenge. "Itâs not high on the list for our IT people," she said. "Itâs not difficult or costly, but we need the resources to implement it on our services." She said that challenge will multiply for IT departments at any e-mail marketer looking to implement Yahoo!âs DomainKeys, given its added complexity.
All three productsâCaller ID, DomainKeys and SPFâare going to be offered to the e-mailing community on an open source basis, the companies said. But industry sources say "backroom discussions" between the supporters of the three proposals to combine the best of each and rally behind one specific product did not gel, despite the fact that the major ISPs are all part of a loose coalition called the Anti-Spam Technical Alliance that has been discussing this very issue for months.
At least one industry observer predicted these anti-spam mechanisms will lead to charging users for access to a secure e-mail environment.
"They [ISPs] are moving towards a concept of closed secure networks," Radicati said, adding that the opportunity to create closed communities likely contributed to each ISP choosing a different standard. "Thereâs a very deep underlying commercial reason for it," she said, predicting several billion dollars in future revenues to ISPs and security technology providers.
Anne P. Mitchell, president-CEO of the Institute for Spam and Internet Public Policy, concurred. "There may come a time down the road where in order to send or accept mail, you may have to pay a fee or a royalty to Microsoft or Yahoo!"
But others disagreed. "Iâm not sure that endorsing these standards gets them closer to charging a toll," Nussey said. "If I were AOL or Microsoft and I wanted to charge a toll, there are much simpler ways to do it."
One e-mail marketer suggested it wouldnât be a bad thing. "Earthlink [already] has a challenge response system and they charge for that," said Johnson, calling it "a very real cost" for marketers. Johnson said he employs people to process challenge-response," and said if an ISP were to take on the process and ensure deliverability in exchange for a charge he likened to a postage stamp, it would save him the burden. "If I pay a postage fee and the ISP guarantees it goes through, Iâd rather pay the postage."