There exist two proposals to stem the rising tide of spam. Both proposals involve the authenticity of the message originator. The first proposal comes from Yahoo! and is called "DomainKeys". Here is a brief overview found on their site:
DomainKeys is a technology proposal that can bring black and white back to this decision process by giving email providers a mechanism for verifying both the domain of each email sender and the integrity of the messages sent (i.e., that they were not altered during transit). And, once the domain can be verified, it can be compared to the domain used by the sender in the From: field of the message to detect forgeries. If it's a forgery, then it's spam or fraud, and it can be dropped without impact to the user. If it's not a forgery, then the domain is known, and a persistent reputation profile can be established for that sending domain that can be tied into anti-spam policy systems, shared between service providers, and even exposed to the user.
The technique Yahoo! employs requires the use of an encrypted key pair: one key is private and the other public. The public key is published in the DNS record for the sending domain. When an email message is transmitted by a user, the private key is added automatically to the message header and is then sent to its destination. The receiving mail server looks at the message header and grabs the private key. It then does a domain lookup, and compares the public key in the DNS record with the private key in the message header. If there is a match, the message is authentic and its origination is verifiable. While this does not stop spam from being transmitted, it holds end users and their ISPs accountable. Since the vast majority of spammers utilize forged headers, the accountability alone would likely make a significant impact.
Microsoft proposes a technology known as "Sender ID" as a weapon against spam. Here is Microsoft's overview of the technology and how it works:
The steps in the process are:
- The Sender sends an e-mail message to the Receiver.
- The Receiver's inbound mail server receives the mail.
- The Receiver's server checks for the SPF record of the sending domain published in the Domain Name System (DNS) record.
- The inbound e-mail server determines if the sending e-mail server's IP address matches the IP address that is published in the DNS record.
SPF stands for "Sender Policy Framework", in which the email administrator defines which servers are authorized to send mail and which address records (IP addresses within the domain) are permitted to send to the outbound mail server. Here is an example record which might appear in a DNS lookup:
v=spf2.0/pra mx:maila.microsoft.com mx ~all
Here maila.microsoft.com is listed as the authorized outbound mail server; all addresses within the Microsoft domain are permitted to transmit through this server. If someone dialing in through another ISP attempts to relay mail with a From: address of Microsoft, it will not be considered authentic by the receiving mail server. For extra flexibility, an "include: domain" may be added to the record to allow outside domains to be considered authentic.
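The receiving server's check against the example record, written out as an added example (not code from the original page or from Microsoft). The DNS tables are constructed stand-ins using documentation addresses and hypothetical host names, and only the mx, ip4/ip6 and all mechanisms are handled:

```python
import ipaddress

# Constructed DNS data (hypothetical hosts, documentation addresses);
# a real receiver would query DNS for these MX and A records.
MX_RECORDS = {
    "microsoft.com": ["inbound.example.net"],
    "maila.microsoft.com": ["outbound.example.net"],
}
A_RECORDS = {
    "inbound.example.net": ["192.0.2.10"],
    "outbound.example.net": ["192.0.2.25"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def mx_addresses(domain):
    """Addresses of every MX host published for `domain` (empty set if none)."""
    return {ipaddress.ip_address(ip)
            for host in MX_RECORDS.get(domain, [])
            for ip in A_RECORDS.get(host, [])}


def check_sender(record, sender_domain, client_ip):
    """Evaluate a policy record left to right; the first matching term decides."""
    version, *terms = record.split()
    if version != "v=spf1" and not version.startswith("v=spf2.0/"):
        return "none"  # not a policy record this check understands
    ip = ipaddress.ip_address(client_ip)
    for term in terms:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"  # default is pass
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            matched = True
        elif name == "mx":  # bare "mx" means the sending domain's own MX hosts
            matched = ip in mx_addresses(arg or sender_domain)
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        else:
            return "unsupported"  # a, include, etc. are outside this example
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term


RECORD = "v=spf2.0/pra mx:maila.microsoft.com mx ~all"  # record from the page
```

With this record, a connection from an address outside both MX sets ends at ~all and yields softfail, which a receiver typically scores as suspicious rather than rejecting outright.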
It's difficult to say which method has more merit; both are in beta testing and show promise. Microsoft's proposal seems more cumbersome to administer, but might be more secure. Please note that neither of these proposals deals directly with spam, only with the authenticity of the originating server. By eliminating fraudulent headers, you deprive spammers of their ability to hide from detection. These techniques can be used to virtually eliminate false positives from normal antispam filtering and make it easier to track down spammers. However, it will likely take several years for either of these proposals to gain wide enough acceptance to make a significant difference.