First off, I'm no expert on the anti-spam world. But I do happen to track what's going on in that world and know some of the folks who are important there.

You might have read about Yahoo's "Domain Keys" announcement. Many folks have weighed in publicly as have many others in private e-mail lists. By all accounts, the larger community of anti-spam folks were generally surprised by Yahoo's announcement. And that's a problem in my mind.

I'm not sure if it's arrogance, stupidity, or a need to somehow impress the world with Yahoo's ability to "innovate" (it's really not a new idea), but it strikes me as rather misguided.


Spam is not going to be solved by a single company. There's a large community of hackers and business folks working on it. They cooperate, share information, discuss trends, and brainstorm new ideas. This happens all the time in that world.

Yahoo said its "Domain Keys" software, which it hopes to launch in 2004, will be made available freely to the developers of the Web's major open-source e-mail software and systems.

For a company that uses ass-loads of Open Source software, you'd think they'd open up the development on something that's this important. And I don't mean this "we'll release when it's ready" method they're apparently using. I mean "here's our CVS tree and design documents. We welcome your feedback, patches, and ideas for improving the system." That kind of "open." Just like SpamAssassin, for example.

What would have been helpful is for the folks at Yahoo Mail to explain why they've not adopted or tried to get more involved in some of the other upcoming initiatives, such as SPF. Heck, it'd be nice if I could go to to find out about everything Yahoo's doing in this area. (Note: part of that site appears to be a dynamic ad-like module, so your chances of getting a good answer seem to be random. Or you could just keep hitting the reload button.)

Amusingly, on Yahoo's own antispam site, I see the two most recent headlines are:

Do you notice what I notice? First, there's no mention of "Domain Keys" there. The latest headline is from October 21st. Second, they trumpet the fact that AOL, Microsoft, and Yahoo! have decided to "Join Forces" but this isn't reflected in any of the "Domain Keys" information we've seen.

What's going on here?

If Yahoo, MSN, and AOL had jointly announced this, we'd have a whole different beast on our hands. But since it seems a lot more like another lone cowboy going after the bandits (again), it doesn't have the same level of credibility.

Anyway, the reaction in the anti-spam community (at least the parts of it that I see) hasn't been very rosy. I've seen a lot of "well... good luck" comments, suggesting that there's little chance of it getting much traction. The more positive ones have been along the lines of "sure, it'll help... but not much."

See Also:

Oh, and in case it's not abundantly clear, I don't speak for my employer on my weblog. Anyone who thinks otherwise needs some serious medication.

Posted by jzawodn at December 06, 2003 08:21 PM

Reader Comments
# JoeB said:

Like qualudes?

on December 6, 2003 09:02 PM
# juan said:

If medications needed, i received some offers by e-mail for xanax, zoltek, prozac, etc..
(enough kidding)

on December 6, 2003 09:37 PM
# JoeB said:

I got a bunch of anti-spam emails too. Perhaps Yahoo might find those useful?

on December 6, 2003 10:29 PM
# Malte said:

Hmmm... I read
"Yahoo said its "Domain Keys" software [...] will be made available freely to the developers of the Web's major open-source e-mail software and systems."
"If we can get only a small percentage of the industry to buy in [...]"

So I guess the software (like "binaries") will be free (as in beer) but probably not the source. And probably only the client software; the second quote sounds like you have to pay some license fee or something to Yahoo if you are an ISP and want to use it.

What we need is an open and free (as in RFC) solution, not a whole bunch of isolated applications scattered over the whole net.

on December 7, 2003 07:08 AM
# Derek said:

I'm as much against this proposal as everyone else is, but I read "buy in" as "begin to use", not "spend money on"

on December 7, 2003 07:30 AM
# Malte said:

I'm not native English, so maybe I misread that part. But the only translation I could find for "buy in" meant something like "spend money" :)

on December 7, 2003 07:40 AM
# Derek said:

Yeah, ok, ... yes, "buy in", in "native" english usually just means "adopt as a practice".

on December 7, 2003 11:14 AM
# Alden Bates said:

I'll believe any anti-spam measure works, the day I look at my inbox and don't find any spam in it...

Yahoo's solution seems to depend on everyone adopting it. While that'd be nice, somehow I don't see it happenning...

on December 7, 2003 03:13 PM
# jared said:

Well, if its something that everything needs to participate in...its seems like that would be a job for the government...?

on December 8, 2003 01:29 AM
# Alden Bates said:

Jared: Which government? The Internet is international. :)

IMHE governments getting involved in the affairs of the net never goes well... How many times have governments messed up spam laws now?

Which is a shame, because I think the threat of a bit of jail time might have the spammers thinking twice...

on December 8, 2003 02:41 AM
# Bob said:

The US government is the only one that matters.

on December 8, 2003 03:02 AM
# Christoph C. Cemper said:

Very interesting stuff Jeremy... I like it!

on December 8, 2003 05:00 AM
# Tim A said:

ISP's and anyone else running a mailserver have the option of turning on authentication (SMTP AUTH) so that one has to authenticate before being able to send an email. If ISP's haven't bothered to enforce this I see little reason why they would implement the Yahoo initiative.

So I don't think this will go anywhere at all. Not to mention that Yahoo is doing this on their own with little or no input from anyone else.

on December 8, 2003 06:24 AM
# Clemens said:

I am using Mozilla Thunderbird to combat spam, but it does not filter all mails. The only way to really get rid of reading spam mails, is to set up a white list.

on December 8, 2003 02:26 PM
# Madison said:

I went out with a girl who never gets spam. She just has her hotmail turned to block everyone except people in her address book. How often does she want any email from a person she doesn't know? Not overy often. So it works well for her.

on December 11, 2003 05:34 PM
Disclaimer: The opinions expressed here are mine and mine alone. My current, past, or previous employers are not responsible for what I write here, the comments left by others, or the photos I may share. If you have questions, please contact me. Also, I am not a journalist or reporter. Don't "pitch" me.


Privacy: I do not share or publish the email addresses or IP addresses of anyone posting a comment here without consent. However, I do reserve the right to remove comments that are spammy, off-topic, or otherwise unsuitable based on my comment policy. In a few cases, I may leave spammy comments but remove any URLs they contain.