The Internet Engineering Task Force, a key organization that oversees Internet standards, gave preliminary approval to a new software called DomainKeys Identified Mail (DKIM).
Here's how it works: DKIM would let companies or users embed an encrypted digital key into their outgoing messages that would confirm the sending domain for that message. On the receiving end, companies or users could search for that key to make sure the message is legitimate. If an incoming message doesn't have the right key – e.g., a phishing message from a phony PayPal address – it would get blocked.
Individual companies and users will self-regulate their own "white" lists instead of relying on a larger governing body to decide on an all-mighty "black" list. Danny O'Brien, spokesperson for the Electronic Frontier Foundation, told XBIZ that difference will protect free speech online.
"Blacklists threaten free speech, in my opinion," he said. "It's a dangerous road to go down, and I always say that the best thing for bad speech is more speech. DKIM is that — it gives people a little more information about an incoming message."
The software's developers promise that these encrypted keys will be impossible for spammers to forge, but that wouldn't stop a company that was already using DomainKeys from sending spam. In addition, both the sending and receiving mail systems would need to have DKIM installed for the software to work.
So far, Yahoo, Cisco Systems, Sendmail and PGP Corporation, AOL, EarthLink, IBM, VeriSign, IronPort Systems, Cox Communications and Trend Micro have lent their support to the software.
But while the support of large companies may be encouraging, will webmasters and average citizens be able to use this software to protect themselves from spam?
Dave Crocker, a principal with Brandenberg InternetWorking, told XBIZ that the self-regulatory nature of this software limits it.
"Real people who just want to sit down, turn on their computer and use the damn thing have a certain threshold," he said. "They may put up with a small burden for something, but they won't put up with a large burden for anything."
Another wrinkle will be how larger companies and individual users decide which domains are acceptable and which ones aren't. Crocker said that if someone with a Yahoo email address wanted to allow incoming messages from an adult site, they might run into problems if Yahoo wanted to block all emails from triple-X domains.
Despite the software's shortcomings, though, O'Brien said it has a great chance of gaining widespread acceptance.
"People who imagine that this program will remove all spam overnight are wrong," he said. "But it should become an important part of the arsenal."