- DomainKeys: "cryptographically proves that the mail did in fact originate at the purported domain, and has not been tampered with in transit." Supported by Yahoo, Google, and, I think, Earthlink.
- Sender Policy Framework SPF: Wikipedia - "SPF allows software to identify and reject forged addresses in the SMTP MAIL FROM (Return-Path)". Spammers, however, were early adopters of SPF. SPF has been championed by AOL.
- SenderID: was a combination of SPF and "Caller ID". Unfortunately Microsoft has the relevant patents and they chose to use those patents to attack open source software. The result was the rejection of SenderID. (SenderID also uses SPF, so it's "SPF + Caller ID")
SenderID has the advantage of Microsoft's support, but the Wikipedia article makes it sound awful on several levels.
That leaves DomainKeys, which has been adopted by Google and Yahoo. Yahoo owns the key patent, but they produced an open source type license.
I have two ISPs: VISI and Lunarpages. VISI doesn't do support any form of email authentication (they promised to put my request on the list), but Lunarpages supports SPF -- unfortunately SPF doesn't seem to amount to much.
I get the sense that first rank ISPs will support DomainKeys, and that corporate pressures may force support of SenderID too -- no matter how ugly it is. In the meantime, I'll just encourage my ISPs to look at DomainKeys more seriously.
Post a Comment