Why We Love Email Authentication, But Why It Won’t Stop Spam
Microsoft made a big
announcement today that they’re taking email authentication, in the form of
Sender ID, very seriously. They’re using a stick, not a carrot. Emailers who
do not publish a proper Sender ID record are now going to (a) find themselves in
the bulk mail folder at Hotmail and MSN, and (b) have a big fat disclaimer
thrown on top of their emails from Microsoft warning users that the email’s
source can’t be authenticated.
At Return Path, we’re big fans of authentication, and we’re sponsoring the
upcoming Email Authentication Summit in a
couple of weeks in New York as one way of supporting the effort — encouraging
our clients to get on the ball with authentication is another one. Here’s what
we think it will (and won’t) do:
– It WILL make a big dent in spoofing, phishing, and fraud, right away.
Why? Because those particular elements of the Internet Axis of Evil are
identity-based…therefore, identity authentication will either stop those
things, make it easier for consumers to steer clear of them, or make it easier
for law enforcement to go after them.
– It WILL NOT make a big dent in spam right away. Why? Because spam is much
more nuanced than fraud. If I’m Microsoft, and I know that you are the
particular sender of an email into my network, that’s all good and well, but I
might not have any idea if I want to accept that mail or not. Another way of
saying this is that spammers can publish Sender ID records, too.
– It WILL lay the foundation for longer-term spam solutions. Why? Because
it’s important to understand exactly who is sending mail into a network in order
to answer that next question of "do I want to accept your mail or not?" We
think the answers to that question lie with accreditation and reputation
Obviously, I have my biases. Return Path owns Bonded
Sender, the leading accreditation service, which answers that question by
saying "yes – you want to accept this mail, because Return Path and TRUSTe have
examined me thoroughly and are vouching for my integrity, they’re measuring how
many people are complaining about my mail, and if I get too many complaints,
they fine me and kick me out of the program."
Look for another announcement from us soon about what we’re up to in the
reputation space, which is a more complex cousin to accreditation in answering
that same question.