When doing a job that you love it is natural enough to immerse oneself, to become somewhat myopic, about the relative importance and meaning of one’s work, but every once in a while context is thrust forward, rending fantasy and reverie aside, leaving one faced with a reality of what really matters.

Such are the sad events surrounding the murder-suicide that ended convicted spammer Eddie Davidson’s life today. For further details on the situation, please follow this link.

CAUCE extends our sympathies to the friends and families of the victims of this needless tragedy.

As most CAUCE supporters already know, forging From: or other commonly seen email headers is trivially easy. It's one of the most frustrating oversights in the creation of Internet email technology -- though of course that's only obvious in hindsight; it was just fine for the pre-Internet networks of the late 1970s and early-mid 1980s.

Since then, things have changed -- and the most interesting recent technological advancements in email have been in the realm of sender authentication, which encompasses ways to verify that the apparent sender of a message actually is the entity which sent it. Before you can answer the question "can I trust this message," you have to ask "who sent it?" -- but before authentication, there was often no way to know for sure.

The first authentication technology to catch the interest of the industry was Meng Wong's SPF, which also formed the basis for Microsoft's SenderID. In parallel, Yahoo! developed DomainKeys, which has now evolved into DKIM. All of these are free to use, though some have licensing requirements or patents which may prevent derivative works.

Having what looks like four entirely different technologies may seem confusing, and marketing tactics from some of the organizations involved certainly haven't helped. Luckily, our friends at the Messaging Anti-Abuse Working Group have published a new white paper, Trust in Email Begins with Authentication, which should help to clarify things. It provides a much-needed substantive overview of the authentication methods and practices currently in use, without inappropriate bias or attempts at coercion.

CAUCE hopes that this effort will raise the level of debate within the email industry, and lead to faster adoption of authentication technologies. Sender authentication will not, obviously, solve spam -- it has very little to do with spam, in fact -- but curtailing the bad guys' ability to send messages that look like they're from your bank or other trusted institution will certainly help.


[Some CAUCE Board members -- including the author of this article -- contributed to the MAAWG document, and are regular attendees of MAAWG events.]

Yahoo users can feel a little bit more secure when receiving email from eBay and Paypal after Thursday's Yahoo! yodel: Say goodbye to eBay and PayPal fraudsters.

"We’ve teamed up with eBay and PayPal to become the first Web mail service to block the delivery of unauthenticated eBay and PayPal emails, reducing your risks of receiving phishing scams or fraudulent emails. Our weapon
is a technology Yahoo! spearheaded called DomainKeys, which uses cryptography to verify the domain of the sender."

This is the first major announcement of this kind, be prepared for more to follow by authenticating your mail now. Not just your commercial or transactional email but also your Corporate email.

CAUCE North America Debuts - New anti-spam advocacy group combines CAUCE
Canada and CAUCE US

Montreal and Los Angeles, June 06, 2007 -- Neil Schwartzman, chair of CAUCE
Canada, and Scott Hazen Mueller, chair of CAUCE U.S., today announced the
formation and launch of CAUCE North America to build upon the work of their
previously separate organizations.

CAUCE North America is now the premiere anti-spam advocacy group,
representing the interests of the millions of Internet users in North
America. The combined group will work towards equitable solutions for the
original threat posed by spam since the 20th century, and Spam 2.0, the
21st-century blended threat posed by the merging of spam, viruses, phishing
and malware.

"When we launched the original CAUCE, back in 1997," said Scott Hazen
Mueller, founder of CAUCE U.S. and now President of CAUCE North America,
"spam was an isolated problem and it was seen by many as unimportant. Now,
spam is part of a multi-pronged assault by various criminal organizations
attacking the very basis of trust on the Internet. If this threat is not
met soon, users will continue to migrate away from the Internet for their
commercial needs."

press contact: press@cauce.org

Tel . +1 303 800 6345

We were shocked, not so very many years ago, when AOL reported that spam was 30% of their incoming mail. Now, some of the world's largest ISPs report that it's well beyond 80% -- in some cases higher -- and increasing.

Back then we knew who the spammers were, they stayed in one place and thought of themselves as "high volume" email marketers -- but now, the leaders of the email marketing industry know they must respect permission, and can't engage in the spammy behavior of their predecessors. We predicted that a private right of action in civil court would be sufficient to keep those same marketers in line, and now we know that's correct -- but today, much of the spam volume is sent by career criminals and malicious hackers who won't stop until they're all rounded up and put in jail.