2 min read

Yahoo Aims Crypto App At Spam

Internet portal company secures its Yahoo Mail service with authentication software; ISP EarthLink tests the technology
Yahoo Inc. last week rolled out new artillery in the war on spam, arming its online E-mail service with cryptographic technology that can make it harder for junk E-mailers to hide their identities. Internet service provider EarthLink Inc. says it has begun testing the technology.

Yahoo is incorporating cryptographic authentication software it developed, called DomainKeys, into its Yahoo Mail service. It's designed to protect customers from the kind of spam used to "phish" for Internet users' personal information by posing as a message from a trusted brand-name company or from E-mails that obscure their senders' identity. If the software detects that the sender of an E-mail message has changed information in its header--which contains its electronic routing information--DomainKeys is more likely to help label the message spam.

"Authentication is really the first step in the spam fight we've been waging," says David Maynes, a principal engineer at EarthLink. Once EarthLink identifies an E-mail's sender, it's easier to screen out spam offenders, he says.

Yahoo's software is one of two leading technologies for E-mail authentication; the other is Microsoft's Sender ID, which helps secure Hotmail customers. Sender ID relies on lists of computers that are authorized to send E-mail. Participating companies publish lists of their E-mail servers; if a sender isn't on the list, its message is scrutinized more carefully.

DomainKeys validates messages cryptographically to ensure that header information and contents haven't been forged.

For companies that do a lot of E-mail marketing, authentication technologies are an attractive way to make sure their messages don't get blocked. Authentication technology can help restore confidence in E-mail as a marketing medium, says Dave Lewis, VP of deliverability management for E-mail marketer Digital Impact Inc.

In a recent letter to the Federal Trade Commission, a Cisco Systems executive argued that authentication systems "will result in cost savings and efficiency benefits for users."