Jun 22 2005

Why We Love Email Authentication, But Why It Won’t Stop Spam

Why We Love Email Authentication, But Why It Won’t Stop Spam

Microsoft made a big announcement today that they’re taking email authentication, in the form of Sender ID, very seriously.  They’re using a stick, not a carrot.  Emailers who do not publish a proper Sender ID record are now going to (a) find themselves in the bulk mail folder at Hotmail and MSN, and (b) have a big fat disclaimer thrown on top of their emails from Microsoft warning users that the email’s source can’t be authenticated.

At Return Path, we’re big fans of authentication, and we’re sponsoring the upcoming Email Authentication Summit in a couple of weeks in New York as one way of supporting the effort — encouraging our clients to get on the ball with authentication is another one.  Here’s what we think it will (and won’t) do:

– It WILL make a big dent in spoofing, phishing, and fraud, right away.  Why?  Because those particular elements of the Internet Axis of Evil are identity-based…therefore, identity authentication will either stop those things, make it easier for consumers to steer clear of them, or make it easier for law enforcement to go after them.

– It WILL NOT make a big dent in spam right away.  Why?  Because spam is much more nuanced than fraud.  If I’m Microsoft, and I know that you are the particular sender of an email into my network, that’s all good and well, but I might not have any idea if I want to accept that mail or not.  Another way of saying this is that spammers can publish Sender ID records, too.

– It WILL lay the foundation for longer-term spam solutions.  Why?  Because it’s important to understand exactly who is sending mail into a network in order to answer that next question of “do I want to accept your mail or not?”  We think the answers to that question lie with accreditation and reputation services.

Obviously, I have my biases.  Return Path owns Bonded Sender, the leading accreditation service, which answers that question by saying “yes – you want to accept this mail, because Return Path and TRUSTe have examined me thoroughly and are vouching for my integrity, they’re measuring how many people are complaining about my mail, and if I get too many complaints, they fine me and kick me out of the program.”

Look for another announcement from us soon about what we’re up to in the reputation space, which is a more complex cousin to accreditation in answering that same question.