Yahoo Takes Steps To Stop Spam - InformationWeek
Software // Enterprise Applications
04:30 PM
Connect Directly

Yahoo Takes Steps To Stop Spam

The Internet service provider is developing authentication software for digitally signing electronic messages.

Even as the House of Representatives on Dec. 8 approved the first federal bill to outlaw spam--the Can-Spam Act of 2003, which President Bush is expected to sign into law--businesses beset by unsolicited commercial E-mail continue to devise more robust defenses. The latest proposal from Internet service and content provider Yahoo Inc. calls for the deployment of open-source authentication software to verify the Internet domain from which messages originate.

The company is developing code, called DomainKeys, that's compatible with Sendmail and qmail, two popular E-mail transmission programs known as message transfer agents. It anticipates release sometime next year. DomainKeys will use public key cryptography to digitally sign outgoing messages to reassure a public now suspicious of E-mail.

An October study by the nonprofit Pew Internet & American Life Project found that more than half of E-mail users surveyed have become less trusting of E-mail as a result of spam. That's understandable given the ease with which spammers are able to make their solicitations and scams appear to have come from reputable sources.

As the largest commercial provider of E-mail in the United States, according to Nielsen/NetRatings' October numbers, Yahoo has reason to be concerned: Spam accounts for perhaps half of the messages it handles. "Clearly there's a real cost for us, as well as other major players," says Brad Garlinghouse, VP of communication products at Yahoo.

But the damage goes beyond dollars. "The cost to the spoofed companies is staggering," Tom Gillis, senior VP of marketing for anti-spam vendor IronPort Systems Inc., wrote in an E-mail message, "not only in terms of the cost to maintain an infrastructure capable of handling the inevitable influx of mail bouncing from bad addresses, but also the cost to their customer-service departments for handling the complaints, and the immeasurable damage to their reputations as trustworthy companies."

While Garlinghouse acknowledges that sender authentication won't stop spam completely, he sees DomainKeys as a means to restore consumer trust. He says that once "we actually have credibility and confidence that the E-mail that said it came from actually did come from, we then can use other intelligence and filters ... so that an individual user can, with confidence and effectiveness, determine what actually ends up in his or her in-box."

Yahoo is already fighting spam on other fronts. In April, it formed an anti-spam alliance with America Online and Microsoft, to which it remains committed.

As for partners planning to implement DomainKeys, Garlinghouse expects some announcements soon. The software, he says, "is a very neutral solution that doesn't king-make one player. By making it easy for people to adopt a low-overhead, low-cost, highly credible deterrent to spam in the in-box, we're optimistic that we'll have some partnerships as we move forward."

Gillis sees the proposal as a positive step but cautions there's much left to do. "If this technology is adopted, it would be a great battle won in the war on spam, but the war is still far from over," he says. "While this would prevent spammers from imitating trustworthy senders, it does nothing to really limit the spam being legally sent from self-avowed spammers. The next step will be to determine how to stem the flow of spam from authenticated sources."

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll