Randy Miller: DomainKeys vs SPF vs Sender ID… for some time we’ve chronicled how their respective zealots have been battling to see that their favorite email authentication method becomes the standard. To an outsider, the struggle could well elicit a yawn… after all, adoption of any of the competing standards has, to date, represented a tiny percentage of users.

The Anti-Phishing Working Group Spring General Meeting and the E-Mail Authentication Summit 2006, taking place April 18 and 19, respectively, in Chicago, hopes to kindle new fervor.

Microsoft, for one, will use the April 19 Summit to proselytize for Sender ID, while touting the rapid rate of increase in its adoption:

  • Research by MarkMonitor, and validated by Microsoft, indicates that between March 2005 and March 2006, the number of dot-com and dot-net domains publishing their SPF records increased from 750,000 to over around 2 million.
  • MarkMonitor and VeriSign claim that over 3 million domains are sending Sender ID-compliant email.
  • Both research outfits also estimate that some 2 billion email messages are sent daily from known, legitimate senders.

Sounds impressive… and millions of anything is obviously a lot.

But when you consider that there are 50 million or so domain names, and daily email traffic exceeds 36 billion messages, it’s easy to see just how miniscule the adoption of email authentication has been.

If email authentication can, as devotees so ardently preach, solve problems like phishing and spam, why is it not more widely adopted?

It’s like we’ve told you… Busy network admins don’t have time for experiments. They want a widely adopted industry standard. But the only way for one of the contenders to take the crown of standard-bearer is if lots of networks have deployed it.

Catch-22.

Full Story »