As reported by InfoWorld, Yahoo thinks it has found the Ultimate Final Perfect Solution To The Spam Problem (UFPSTTSP). Wait -- don't yawn just yet... Well. Okay, go ahead and yawn.
I can't find any details on their plan. As explained in the article, this is a trusted sender scheme based on public key cryptography. It uses the domain name system, but no details are given. Does it create new DNS records that contain the public key needed to verify that domain? Does everyone who participates have to get a certificate signed by a CA?
A system that stores the public key in a DNS record is similar to the simple sender authentication that I had been thinking about earlier.
What exactly does a trusted sender system do? Spammers register hundreds of domain names. So exactly how does a trusted sender scheme stop spammers? It's a rhetorical question. The answer is: it doesn't.
But, let's look at the bright side of this. If it is a simple scheme of adding a public key to the DNS to be associated with the sending domain, then that seems perfectly acceptable to the little guy, like the guy who wants to run his own mail server at his home. You would need to add the public key to the DNS records and you would need to use the private key to sign messages you send. Then, maybe AOL wouldn't have to take the draconian measure of blocking mail from any consumer Internet account.
Perhaps a scheme that permits the mail submission agent (MSA) to sign the message headers isn't such a bad thing. The question is, will such a scheme ever achieve critical mass? If it does, that would be interesting, in the sense that it took a company initiative -- and not the IETF -- to bring it about. The IETF has shown itself to be paralyzed in any effort to solve the spam problem.
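The flow described above (public key published under the sending domain, the MSA signing headers with the private key, the receiver checking them), as an added example that is not Yahoo's design, for which no details are given here. Ed25519, the in-memory map standing in for DNS, the choice of signed headers, and all domain names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"fmt"
	"strings"
)

// dnsTXT stands in for the DNS: sending domain -> base64 public key (hypothetical record).
var dnsTXT = map[string]string{}

// Publish creates a key pair for domain and "publishes" the public half.
func Publish(domain string) ed25519.PrivateKey {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	dnsTXT[domain] = base64.StdEncoding.EncodeToString(pub)
	return priv
}

// canonical is the header data the MSA signs, in a fixed order.
func canonical(from, subject, date string) []byte {
	return []byte("from:" + strings.ToLower(from) + "\nsubject:" + subject + "\ndate:" + date + "\n")
}

// Sign is the MSA side: sign the headers with the domain's private key.
func Sign(priv ed25519.PrivateKey, from, subject, date string) string {
	return base64.StdEncoding.EncodeToString(ed25519.Sign(priv, canonical(from, subject, date)))
}

// Verify is the receiver side: fetch the key for the From domain, check the signature.
func Verify(from, subject, date, sig string) bool {
	at := strings.LastIndex(from, "@")
	pub, err1 := base64.StdEncoding.DecodeString(dnsTXT[strings.ToLower(from[at+1:])])
	raw, err2 := base64.StdEncoding.DecodeString(sig)
	if at < 0 || err1 != nil || err2 != nil || len(pub) != ed25519.PublicKeySize {
		return false // no address, no published key, or malformed data
	}
	return ed25519.Verify(pub, canonical(from, subject, date), raw)
}

func main() {
	home, bulk := Publish("home.example"), Publish("bulk-offers.example")
	d := "Fri, 05 Dec 2003 12:00:00 +0000" // constructed sample values
	fmt.Println("home server:", Verify("me@home.example", "hi", d, Sign(home, "me@home.example", "hi", d)))
	fmt.Println("spammer's own domain:", Verify("ad@bulk-offers.example", "buy", d, Sign(bulk, "ad@bulk-offers.example", "buy", d)))
	fmt.Println("forged From:", Verify("me@home.example", "buy", d, Sign(bulk, "me@home.example", "buy", d)))
}
```

The second check passing is the limitation raised earlier: the signature proves which domain sent the message, so it stops forged senders but not a spammer who publishes a key for a domain of his own.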
Posted by Doug Sauder at December 5, 2003 09:37 PM