Yahoo has launched DomainKeys, a system similar to, and competeting with SPF.
When email was first developed there was a small community on what became the Internet, systems could trust each other, and email was designed to trust what the sender was saying. Spammers have since figured out how easy it is to forge headers to fool email servers, and abuse the system. Which is made possible because email wasn’t desgined to require authentication (or proof you are who you say you are).
DomainKeys and SPF are both systems designed to provide a way to authenticate/validate the remote server. In a sense so that you can verify that someone who says they are Yahoo or AOL are really Yahoo or AOL. I think both are a step in the right direction given the impossibility of replacing what we know as email for the entire Internet.
Lets review things that have to happen in order for either of these systems to be effective with spam.
- You need mass deployment.
- It needs to be easy to use.
With AOL supporting SPF, and now Yahoo with DomainKeys there is definately support from the major email providers. Microsoft is even comming into the mix with their own version for Hotmail. And their in lies the problem… three competeting standards.
Now for this to be effective for the wider Internet you have to convince the SMBs and boutique shops to install and use the systems, which means that you need easy integration/support with: 1) Microsoft Exchange, 2) Sendmail, 3) Postfix, 4) qmail, and 5) Exim. Why you ask, Exchange has to be the most common email system for businesses, sendmail is installed by default on every Unix variant OS, and Postfix, qmail, and Exim are popular alternatives for higher volume systems running a Unix platform.
I worry that with a lack of easy integration with mail servers, and technologies from different companies competeting to be the standard, it will be quite some time before we see any real trackson with this problem.