Advertisement
Promo

Security threats Toolkit

Yahoo and Sendmail ally against spam

Stefanie Olsen CNET News

Published: 25 Feb 2004 08:45 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Internet company Yahoo and software provider Sendmail said on Tuesday that they will jointly develop a system for authenticating email, with the goal of mitigating spam.

The two Silicon Valley companies announced support of DomainKeys, a proposed system for verifying the identity of an email sender and reducing email forgeries. Yahoo -- which runs a Web-based email service used by more than 39 million people in the United States, according to Nielsen/NetRatings -- plans to develop and test the system by March. Sendmail's open-source technology, which routes the bulk of corporate email to and from the Internet, will be integral to the experiment.

"In working with Sendmail, and other industry leaders, we are able to develop a powerful authentication solution to solve the spoofing problem and lay the foundation for future anti-spam advances," Brad Garlinghouse, Yahoo's vice president of communication products, said in a statement.

In a separate announcement, Sendmail said on Tuesday that it will back Microsoft's system for identifying the origin of email, which is an initiative called "caller ID for email" that aims to cut down on fraud. Sendmail will develop software tools for Microsoft's program as plug-ins for its open-source and commercial software.

For its part, AOL is experimenting with its own authentication system. In January, the online unit of media giant Time Warner said it implemented SPF, or Sender Permitted From, which is an emerging authentication protocol for preventing email forgeries. The trial involves the company's 33 million subscribers worldwide and is the first large-scale test for the protocol, which standards groups are considering along with various other email verification proposals.

Yahoo, Microsoft, AOL and others are trying to soften a growing headache for Web surfers and corporations. More than 50 percent of email sent today is unwanted junk email, and the spam volume costs mail providers millions of dollars in hijacked bandwidth, storage and defence measures.

Key to thwarting spammers is developing methods to verify that people are who they say they are. Email spoofing is one of the toughest problems for Internet service providers and anti-spam companies to crack, largely because Simple Mail Transfer Protocol (SMTP) -- the method for sending email -- offers no widespread means to detect and authenticate a sender's identity. Junk mailers typically cover their tracks by hacking into unprotected email servers or open relays, or by falsifying names and email addresses in the mail sender field.

DomainKeys is a proposed system that attaches encrypted "keys" or tags to every email sent -- with one key held in a public database and another key, which is private, linked to the message. Once the message is delivered, the receiver could match up the private key to the public key held in the open database to verify the sender's identity. But if the public key cannot corroborate the signature, the message would be subject to the receiver's spam policy.

Following their tests, Yahoo and Sendmail plan to develop an open-source package for wider adoption in the industry. Late last year, Yahoo said that it was developing DomainKeys for its mail system and Tuesday's announcement builds on that initiative.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
48 out of 105 people found this useful


Full Talkback thread

0 comments


Company/Topic Alerts

Create a new alert from the list below:




Video icon

Video

Sentry Posts Blog

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments

Symantec website breached

Security company Symantec has said that one of its websites was successfully breached. Romanian security researcher 'Unu' posted details of the breach in a blog post on Monday. Unu... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

Newsletters