January 13, 2004

Domain keys in the news again

Yahoo hasn't released the details of its Domain Keys (DK) plan for signing email messages. But there are a couple of articles online. At eWeek, Larry Seltzer is skeptical. He says:

Something of this magnitude isn't done unless it's really, really necessary. And (this is important) you absolutely have to get it right the first time.

Whether it's really, really necessary is hard to say. But he's right on about the need to get it absolutely right. You can't move millions of people to an updated email system, and then say "oops!"

Larry questions whether DK will stop the spam problem. We know it won't.

However, being able to confirm, with reasonable certainty, the mail domain that a message originated from does have value not directly related to spam. It could help to prevent "Joe Jobs," a situation where an innocent user gets flooded with returned mail messages or hate-mail replies because a spammer forged the return address. Because of Joe Jobs, it's not a good idea for a spam filter to send a returned mail message. But it's not a good idea to not send a returned mail message either, because sometimes spam filters catch the mail of innocent senders. Either way, with a returned mail notification or without one, innocent people are wronged. A good solution would be to send a returned mail message only if the sender's domain is confirmed through something like DK.

To digress slightly, maybe sending returned mail messages is the wrong approach. Instead of sending these negative acknowledgements, we should be sending positive acknowledgements when mail is successfully received. But that's another discussion for another time.

A second article is at BusinessWeek Online. Here's an interesting quote:

A unilateral move from a powerful commercial entity such as Yahoo, however, threatens to overtake the Internet's governing bodies and could effectively cede control of e-mail technology standards to the mammoth ISPs.

I don't quite agree with the idea expressed. Many of the IETF's approved standards originated when someone created an implementation, then went to the IETF with a draft, which resulted in the formation of a working group, which eventually led to the publishing of an RFC. If Yahoo submits working code and a draft specification, how is that any different?

One final thought about DK. Those of us who are accustomed to using open source software probably see an upgrade to DK as not much of an issue. However, for enterprises that married themselves to Microsoft Exchange, Lotus Notes, or Novell GroupWise, an upgrade to DK may cost them some real money. That would be a significant barrier to broad adoption.

Posted by Doug Sauder at January 13, 2004 10:00 PM