First off, I'm no expert on the anti-spam world. But I do happen to track what's going on in that world and know some of the folks who are important there.
You might have read about Yahoo's "Domain Keys" announcement. Many folks have weighed in publicly as have many others in private e-mail lists. By all accounts, the larger community of anti-spam folks were generally surprised by Yahoo's announcement. And that's a problem in my mind.
I'm not sure if it's arrogance, stupidity, or a need to somehow impress the world with Yahoo's ability to "innovate" (it's really not a new idea), but it strikes me as rather misguided.
Why?
Spam is not going to be solved by a single company. There's a large community of hackers and business folks working on it. They cooperate, share information, discuss trends, and brainstorm new ideas. This happens all the time in that world.
Yahoo said its "Domain Keys" software, which it hopes to launch in 2004, will be made available freely to the developers of the Web's major open-source e-mail software and systems.
For a company that uses ass-loads of Open Source software, you'd think they'd open up the development on something that's this important. And I don't mean this "we'll release when it's ready" method they're apparently using. I mean "here's our CVS tree and design documents. We welcome your feedback, patches, and ideas for improving the system." That kind of "open." Just like SpamAssassin, for example.
What would have been helpful is for the folks at Yahoo Mail to explain why they've not adopted or tried to get more involved in some of the other upcoming initiatives, such as SPF. Heck, it'd be nice if I could go to antispam.yahoo.com to find out about everything Yahoo's doing in this area. (Note: part of that site appears to be a dynamic ad-like module, so your chances of getting a good answer seem to be random. Or you could just keep hitting the reload button.)
Amusingly, on Yahoo's own antispam site, I see the two most recent headlines are:
- Yahoo! Advances Anti-Spam Strategy with Easy-to-Use Tools that Empower Users and Improve Integrity of E-mail
- America Online, Microsoft, and Yahoo! Join Forces Against Spam
Do you notice what I notice? First, there's no mention of "Domain Keys" there. The latest headline is from October 21st. Second, they trumpet the fact that AOL, Microsoft, and Yahoo! have decided to "Join Forces" but this isn't reflected in any of the "Domain Keys" information we've seen.
What's going on here?
If Yahoo, MSN, and AOL had jointly announced this, we'd have a whole different beast on our hands. But since it seems a lot more like another lone cowboy going after the bandits (again), it doesn't have the same level of credibility.
Anyway, the reaction in the anti-spam community (at least the parts of it that I see) hasn't been very rosy. I've seen a lot of "well... good luck" comments, suggesting that there's little chance of it getting much traction. The more positive ones have been along the lines of "sure, it'll help... but not much."
See Also:
- Keys to the Domain
- Yahoo Domain Keys: Another Ineffective Spam Remedy
- Yahoo Thinks They Have The Spam Solution (Not)
- Trusted Email Open Standard
Oh, and in case it's not abundantly clear, I don't speak for my employer on my weblog. Anyone who thinks otherwise needs some serious medication.
Posted by jzawodn at December 06, 2003 08:21 PM
If medications needed, i received some offers by e-mail for xanax, zoltek, prozac, etc..
(enough kidding)
I got a bunch of anti-spam emails too. Perhaps Yahoo might find those useful?
Hmmm... I read
"Yahoo said its "Domain Keys" software [...] will be made available freely to the developers of the Web's major open-source e-mail software and systems."
and
"If we can get only a small percentage of the industry to buy in [...]"
So I guess the software (like "binaries") will be free (as in beer) but probably not the source. And probably only the client software; the second quote sounds like you have to pay some license fee or something to Yahoo if you are an ISP and want to use it.
What we need is an open and free (as in RFC) solution, not a whole bunch of isolated applications scattered over the whole net.
I'm as much against this proposal as everyone else is, but I read "buy in" as "begin to use", not "spend money on"
I'm not native English, so maybe I misread that part. But the only translation I could find for "buy in" meant something like "spend money" :)
Yeah, ok, ... yes, "buy in", in "native" english usually just means "adopt as a practice".
I'll believe any anti-spam measure works, the day I look at my inbox and don't find any spam in it...
Yahoo's solution seems to depend on everyone adopting it. While that'd be nice, somehow I don't see it happenning...
Well, if its something that everything needs to participate in...its seems like that would be a job for the government...?
Jared: Which government? The Internet is international. :)
IMHE governments getting involved in the affairs of the net never goes well... How many times have governments messed up spam laws now?
Which is a shame, because I think the threat of a bit of jail time might have the spammers thinking twice...
Very interesting stuff Jeremy... I like it!
ISP's and anyone else running a mailserver have the option of turning on authentication (SMTP AUTH) so that one has to authenticate before being able to send an email. If ISP's haven't bothered to enforce this I see little reason why they would implement the Yahoo initiative.
So I don't think this will go anywhere at all. Not to mention that Yahoo is doing this on their own with little or no input from anyone else.
I am using Mozilla Thunderbird to combat spam, but it does not filter all mails. The only way to really get rid of reading spam mails, is to set up a white list.
I went out with a girl who never gets spam. She just has her hotmail turned to block everyone except people in her address book. How often does she want any email from a person she doesn't know? Not overy often. So it works well for her.
