
Yahoo’s New Domain Keys: Will it Be Effective?

To paraphrase an old Klingon proverb, there can be no spam solution, so long as e-mail is free. Yahoo has unveiled plans to launch its Domain Keys software as an open-source toolkit in 2004. The intent is to allow developers of major e-mail systems to integrate Yahoo’s public/private key authentication system into their own software and thus create momentum for a standard whose raison d’etre is identity verification. This is a commendable effort, but a closer look reveals that it will not only not stop the spam problem, it may have almost no effect at all.

The first hurdle is that spam is not currently illegal in the United States. A quick check on David E. Sorkin’s excellent spamlaws.com reveals that the United States is strangely bereft of such laws at the federal level, especially compared to other countries in the world. What is the good of identifying the senders of junk mail if we have no legal recourse against them?

Lawrence Lessig has already staked his Stanford Law School Professorship on the bet that legislation against unsolicited e-mail, if ever enacted, would significantly reduce the amount of spam received in the United States. And it might, for a time, as US-based spamming operations are shut down (assuming the law was enforced). But then there would be a second hurdle: that an increasing amount of spam is coming from foreign countries whose legal systems have bigger problems than Americans being annoyed at receiving free junk mail.

There are problems from a technical perspective as well. Yahoo’s scheme works by authenticating the source ISP, requiring its infrastructure to be upgraded to support their technology, but not their users’. If authentication is not possible, then the theory is that the e-mail would be rejected by systems using this platform. But of course, unless 99.9% of e-mail users upgrade to such a system, rejecting e-mail from other users would be an even more draconian approach than challenge/response solutions.
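The accept/reject logic described above, as an added illustration (not Yahoo's code and not the Domain Keys message format). It assumes toy textbook RSA keys, constructed `.example` domains and messages, and an in-memory table standing in for the public keys a receiver would look up for each sending domain.

```python
import hashlib

M = lambda p: (1 << p) - 1          # Mersenne primes, used only to build toy keys

def make_key(p, q, e=17):
    """Textbook RSA key from two primes (toy: no padding, not for real use)."""
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(msg, n):
    h = hashlib.sha256(f"{msg['from']}\n{msg['body']}".encode()).digest()
    return int.from_bytes(h, "big") % n

def sign(key, msg):
    return dict(msg, sig=pow(digest(msg, key["n"]), key["d"], key["n"]))

# Private keys held by each sending domain (constructed); PUBLISHED stands in
# for the public keys a receiver would look up for the sender's domain.
KEYS = {"isp.example": make_key(M(31), M(61)),
        "new-domain.example": make_key(M(107), M(127))}
PUBLISHED = {d: (k["n"], k["e"]) for d, k in KEYS.items()}

def verify(msg):
    domain = msg["from"].rsplit("@", 1)[-1]
    if domain not in PUBLISHED or "sig" not in msg:
        return "none"                # domain has not deployed signing
    n, e = PUBLISHED[domain]
    return "pass" if pow(msg["sig"], e, n) == digest(msg, n) else "fail"

def decide(msg, reject_unverified):
    result = verify(msg)
    if result == "pass":
        return "accept"
    if result == "fail":
        return "reject"
    return "reject" if reject_unverified else "accept"

def sample_mail():
    genuine = sign(KEYS["isp.example"], {"from": "alice@isp.example", "body": "lunch?"})
    altered = dict(genuine, body="wire money")   # signature no longer matches
    unsigned = {"from": "bob@small-host.example", "body": "hello"}
    bulk = sign(KEYS["new-domain.example"], {"from": "promo@new-domain.example", "body": "offer"})
    return [genuine, altered, unsigned, bulk]

def run(reject_unverified):
    return [decide(m, reject_unverified) for m in sample_mail()]

if __name__ == "__main__":
    print("strict: ", run(True))
    print("lenient:", run(False))
```

Under the strict policy the legitimate but unsigned sender is rejected, while the lenient policy lets unsigned mail through; in both cases any domain that signs its own mail passes, because the check establishes which domain sent a message and nothing about its content.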

The adoption of such a technology would segment across various dimensions, but economic factors would likely be the most important. In other words, large corporations, educational institutions and commercial ISPs (all primarily in first world nations) would be able to deploy these solutions in a systematic fashion. But the rest of the world, without large IT departments to maintain their networks, would be left behind. Since one of the driving forces behind e-mail adoption has been universal communication, this is simply not acceptable. So in all likelihood, it would have to be integrated with a challenge/response architecture to be viable.

But challenge/response technology’s fundamental problem is making contact for the first time. Simply put, the first e-mail you send to someone will not be received by them until you authenticate yourself. If your sending e-mail device has a different reply-to address, then this introduces significant delays in message transmission. A user’s level of Internet experience correlates positively with both the amount of spam they receive as well as the importance of e-mail in their daily lives. The reason most such power users have not adopted challenge/response technology is because the benefit of immediately receiving new e-mail (and the guarantee of receiving all e-mail) outweighs the annoyance of dealing with spam.

Regular US mail is a completely open system, where anyone can send a piece of mail to anyone else, without a return address, or with a false one. One of the reasons regular junk mail isn’t as annoying as spam is because of the variable cost associated with sending physical mail. Junk mailers will simply not send out a campaign unless their projected response rate is high enough to justify the cost of sending the mail. Since junk e-mail is available at zero variable cost to spammers, they can sell their services to unscrupulous organizations at far lower rates than physical mail, making spam campaigns far more cost effective. Thus the average person probably gets a lot more spam (and of a far more graphic nature, due to the anonymous benefits of Internet commerce) than they get junk mail.

Associating a very small fee with each e-mail (say one tenth of a cent for “postage”, as has been proposed by some) would not affect the amount of e-mail sent by most individuals (1,000 e-mails would cost only $1) but it would effectively destroy the spamming business (1,000,000 e-mails would suddenly cost $1,000).

The difficulty is moving the world to a new standard, particularly when many foreign companies, especially in former Soviet republics, are employing some of the world’s most talented programmers to fight against spam reduction efforts. The only solution will likely be a brand new Internet.

By Shuman Ghosemajumder, Editor, shumans.com


Comments

tech-poem  –  Dec 16, 2003 10:31 PM

It doesn’t work well when anyone can buy a new domain name for as low as $7. A spammer can buy a domain and send hundreds of thousands of emails! The emails that come from this domain are still authentic in the eyes of Yahoo!’s Private/Public Keys. Also, a real email account in a real domain will still be able to send hundreds or even thousands of emails every day, and if the domain owner closes the spammer’s account as a penalty, he/she can simply open another free email account.
Yahoo! thinks that the only problem is sending forged or faked emails?
I’m sure that it is another RUSH action in the communication world!
We’ve designed another system against Spam: a new mail transfer protocol named Negotiable Mail Transfer Protocol, which is much more effective than Yahoo!’s proposal. For more information please check this link:
http://www.gvcp.com/paper/gvcp2232.pdf
