Earthlink to Test Caller ID for E-Mail

5 Mar 2004

      The "whitelist for my friends" part of "a whitelist for my friends, all
others pay cash" seems to be underway...

If we really do get cryptographic signatures on email in a way that works,
expect 80% of all spam to be blown away as a matter of course.

Cheers,
RAH
-------

http://www.pcworld.com/resource/printable/article/0,aid,115094,00.asp  

PCWorld.com

 Earthlink to Test Caller ID for E-Mail

New systems could fight spam and Internet scams, company says.

Paul Roberts, IDG News Service
Friday, March 05, 2004

ISP Earthlink will soon begin testing new e-mail security technology,
including Microsoft's recently released Caller ID technology, a company
executive says.
AdvertisementEarthlink will be experimenting "very soon," with "sender
authentication" technology including Caller ID and a similar plan called
Sender Policy Framework (SPF). The Atlanta-based ISP will be evaluating
other e-mail security proposals as well, but is not backing any specific
technology, says Robert Sanders, chief architect at Earthlink.

Plans to secure e-mail by verifying the source of e-mail messages have
garnered much attention in recent months, as the volume of spam has swelled
and the number of Internet scams has increased.

Spammers and Internet-based criminals often fake, or "spoof," the origin of
e-mail messages to trick recipients into opening them and trusting their
content. Sender authentication technologies attempt to stop spoofing by
matching the source of e-mail messages with a specific user or an approved
e-mail server for the Internet domain that the message purports to come
from.

Different Strategies

So far, Earthlink has stayed out of the sender authentication fray while
Web-based e-mail services, including Yahoo and Hotmail, and major ISP
America Online, have all backed slightly different sender authentication
proposals.

Yahoo is promoting an internally developed technology called DomainKeys,
that uses public key cryptography to "sign" e-mail messages.

AOL said in January that it is testing SPF for outgoing mail, publishing
the IP (Internet protocol) addresses of its e-mail servers in an SPF record
in the DNS (Domain Name System).

Finally, Microsoft-owned Hotmail is publishing the addresses of its e-mail
servers using that company's recently announced Caller ID standard.

Earthlink believes that sender authentication is necessary, and is prepared
to support multiple sender authentication standards if necessary. However,
the company hopes that one clear winner emerges from the field of competing
proposals, Sanders says.

"I don't think it's unlikely that we'll see two or three coexisting
proposals go into production. We had hopes that they would be able to
merge, but I think at this point each standard adds a different function,
and we're unlikely to see a merger," he says.

Coming Soon?

For now, Caller ID and SPF will probably make it into production first,
because neither require companies to deploy new software to participate in
the sender authentication system, he says.

Earthlink is also interested in proposals like Yahoo's DomainKeys, which
allows e-mail authors to cryptographically sign messages, enabling
recipients to verify both the content of a message and its author. However,
DomainKeys is more complicated to deploy than either Caller ID or SPF and
requires software changes that will slow implementation, he says.

Earthlink is not backing any proposal but is interested in looking at the
results of its trial deployments, and those of other organizations.

"We have to get real world data from people who have deployed SPF or Caller
ID," he says.

The company is also a member of the Anti-Spam Technical Alliance, an
industry group that includes Microsoft, AOL, Yahoo, Comcast, and British
Telecommunications, and continues to participate in meetings and
initiatives through that organization, he says.

Microsoft's backing of Caller ID and its plans to use that technology for
Hotmail tips the scales in favor of that technology, he says.

"One factor that determines what you, as an e-mail sender, deploy is the
important question of 'Who am I sending mail to?' What the larger [e-mail]
receivers deploy is what you're going to support," he says.

-- 
-----------------
R. A. Hettinga 
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

R. A. Hettinga

pgut001＠cs.auckland.ac.nz

Eugen Leitl

pgut001＠cs.auckland.ac.nz

Eugen Leitl

R. A. Hettinga

Steve Furlong

Ben Laurie

Eugen Leitl

R. A. Hettinga

tags

participants (5)