Monday, November 15, 2010

Cisco covets anti-spam role

Cisco covets anti-spam role:

Cisco appears poised to initiate more action in the anti-spam arena, having just jumped into a standards fray where the industry's top hardware vendor normally wouldn't be found.

"Since all this [spam] traffic is running on Cisco networks in large part, many customers often ask, 'Why can't Cisco do something about it?' " says Sanjay Pol, vice president and director of Cisco's Anti-Spam Initiative. "The less trust people have of the Internet, the worse it is for Cisco and our customers."

Last week, Cisco joined Yahoo, Sendmail and PGP Corp. in submitting the DomainKeys Identified Mail (DKIM) specification to the IETF. DKIM results from Cisco and Yahoo merging separate e-mail verification technologies with similar attributes, which both companies had worked on for more than a year.

DKIM is a signature-based e-mail authentication proposal meant to curb unsolicited commercial e-mail, as well as phishing messages. While the Cisco/Yahoo anti-spam move is getting notice, it is still just another in a litany of efforts in the industry to standardize a way to stop unsolicited e-mail.

DKIM, which relies on cryptography to authenticate a sender's identity, will likely follow the same path as the Sender ID proposal that Microsoft and others submitted to the IETF last year, according to Paul Hoffman, director of the VPN Consortium, a vendor-neutral organization that promotes the development of VPN technology. Sender ID was not ratified as a standard by the IETF, as was hoped by its proponents, but given "experimental RFC" status. "That's exactly what's going to happen to DKIM. That's not to say DKIM would be a failure from an IETF perspective, but that it's not at all clear the technology is valuable or worth doing," Hoffman says.

Part of the problem is that there's uncertainty whether any form of e-mail authentication will stem the tide of spam. Supporters say sender authentication will help fight phishing because senders will no longer be able to make their e-mails look like they've been sent by a valid company. However, these proposals won't directly curtail spam because plenty of spammers don't hide their identity.

"No one should think these technologies, even if implemented perfectly by everyone on earth, will solve the spam problem," says Matthew Prince, CEO of anti-spam consulting firm Unspam. "But if the worst spammers on earth are the ones who pretend to be from a legitimate online business and instead are stealing account information . . . then these technologies are good at addressing the first line of the problem."

Because it involves encryption, DKIM is a more robust approach than Sender ID, but also more difficult to implement, Prince adds. Sender ID has suffered from differences in the way the protocols it includes are implemented, causing compatibility problems that led some companies to rip it out and search for new solutions, Prince says. DKIM will likely capitalize on this opportunity.

No comments:

Post a Comment