Note:  This page is a draft, for private discussion only.  Much of what is presented here is not yet implemented.

checkID™ – Stop Forgery & Spam

checkID is a tool for email receivers to check the identity and reputation of anyone trying to send email to recipients in your domain.  It relies on the latest authentication methods to reject forgeries, and a compilation of ratings from different services to assess reputation.  It does not eliminate the need for spam filters, but it does allow reputable senders to bypass filtering and avoid false rejects.

    

10-Oct-2005


checkID serves as your "Border MTA", checking IDs on every piece of mail as it arrives from the Internet.  Most of the mail is either not from reputable senders, or not an easy reject based on identity alone.  This fraction will continue to be processed as it is now, with IP blacklists and spam filters.  A large and growing fraction of reputable senders, however, are offering authentication of their email.  These senders typically have much less outgoing spam than average, often 100 times less!  See DomainRatings for some typical statistics.

One of the nice features of checkID is that you can set thresholds and options on a per-user basis.  This gets you out of the uncomfortable position of having to defend your anti-spam policy.  Nobody can argue with policies set by individual recipients for their own mail.

 

checkID is an open-source program that you can download and run on your own hardware.  It is also available as a "milter" to install in Sendmail.  The software is free; however, we do anticipate charging a small fee for heavy users of our Registry of Public Email Senders™.  The goal is not to make a lot of profit, but to ensure a viable long-term business structure, and the ability to pay for the ongoing efforts of the best rating services in the world.  If we are successful, the value of the Registry will be far more than the fees needed to keep it running.

Questions for Discussion

Success of any email authentication system will depend on "adiabatic expansion", to use a physicist's analogy.  Growth must occur in small non-disruptive increments, within an existing email environment that has evolved into an overwhelmingly complex and varied system.  At every step, there must be sufficient motivation for new participants to overcome any barriers, like the difficulty of changing an existing setup.  What are these barriers and how should we minimize them?

The barrier I am currently most worried about is receiver motivation.  I am confident we can make the Registry work technically.  I'm not too worried about uncooperative senders.  They will be motivated by pressure from receivers, and what they have to do is very minimal.  I've been ignoring receivers, however, and assuming that their desire to be rid of spam will overcome the cost and risk of upgrading their programs.  So now I am focused on how we will motivate receivers, and minimize these costs and risks.  The web-page above was written to introduce receivers to our service.

Let's assume we are at the point where a few early adopters are using the Registry, they are satisfied with the results, and we can show statistics on the small % of spam in the flow from reputable senders.  Now we need to reach many more that have never heard of us.  Will we need funding for marketing and technical support, or can we continue with a slow but exponential growth?  At what point do we introduce the fees for Registry services?  What kind of opposition will we have to deal with?

 
