The Email Wars

While some e-mail services have adopted SenderID, there are still many that have not. According to Cox, the other reason for the false positives is that not all users remain on a single server. “SPF says, ‘All of my mail should come from these servers,’” says Cox. For many of EarthLink’s customers, they can be legitimately on a variety of servers, such as a corporate server, and still send and receive mail using their EarthLink address. For those users, SPF fails.

EarthLink started testing DomainKeys in the first quarter of 2005 and now signs over 70% of all outgoing mail. Other companies are also testing DomainKeys. Yahoo! Mail claims to be receiving approximately 350 million inbound DomainKeys signed messages per day.

Critics have accused Microsoft forcing SenderID on the industry without addressing questions about perceived shortcomings. The company drew fresh criticism recently when reports claimed that its Hotmail service would delete all messages without a valid SenderID record beginning in November. While AOL uses SPF, many e-mail systemsdo not. If Microsoft went through with this, for example, a significant portion of valid e-mails would never reach intended Hotmail recipients.

Microsoft says that Hotmail will not junk legitimate e-mail solely because the sending domain lacks an SPF record. The company says SenderID will be weighed more heavily in filtering e-mails, but will remain one of the many factors used when evaluating incoming e-mail. The company did say that with increased adoption of Sender ID and SPF, it will eventually become a more reliable indicator.

Both SenderID and DomainKeys filter messages with spoofed e-mail addresses in which the sender has changed the “From:”field to make it look like someone else has sent the e-mail.

Read Full Article