• by May 19, 2004

Yahoo! has released an email standard to prevent spammers from embedding unwanted messages in legitimate email addresses. Yahoo! has had the proposed standard, called DomainKeys, for a while, but it's now hoping to drive widespread acceptance. If that happens, it could help legitimate email marketers separate themselves from spam.

Spam now accounts for up to two-thirds of all email traffic.

The DomainKeys standard works in the following way: Incoming email messages would have a digitally encoded header using a private key that syncs up to the public key of the sender's domain. The server on the receiving end of the email message then combines the private and public keys to decrypt the signature. The system essentially checks signatures on incoming messages to see if they match. If they don't, the technology enables Internet providers to block them.

That Yahoo! is spear-heading the standard is productive--it's the sort of thing industry leaders do, and as a major email services provider, it has much at stake.

"We are committed to protecting people from issues around spam and email forgery and we are very encouraged by the progress made with the DomainKeys authentication solution to solve these issues," said Mary Osako, senior director of communications for Yahoo!, in a statement.

Yahoo!'s website offers an "Anti-Spam Resource Center" with detailed descriptions of "email spoofing" and DomainKeys, among other terms.

For example, "email spoofing" is defined as: "The forging of another person's or company's email address to get users to trust and open a message. ... Without sender authentication, verification, and traceability, email providers can never know for certain if a message is legitimate or forged and will therefore have to continually make educated guesses on behalf of their users on what to deliver, what to block, and what to quarantine, in the pursuit of the best possible user experience." Sender authentication is needed, to be sure.

In order for it to make a difference, Yahoo! will need providers of email technology to incorporate the DomainKeys standard en masse. Sendmail Inc. has already said it will include the standard in its email software.

Meanwhile, Microsoft Corp., which has a huge email user base via Hotmail and MSN, is developing an email authentification system to fight spam. It's also using Ironport Systems' email certification system whereby mass emailers must put up a bond issue before they're allowed to send email to the company's customers. Ironport maintains a list of legitimate email senders before allowing email to be distributed.

Hopefully there won't be a standards war over this issue.