Major e-mail providers, including Google, Microsoft, and Yahoo! are
teaming up with PayPal, Facebook, LinkedIn, and more, to implement a new
system for authenticating e-mail senders to try to prevent the sending
of fradulent spam and phishing messages.
The protocol that powers e-mail, SMTP, dates back to a more trusting
era; a time when the only people who sent you e-mails were people you
wanted to send you e-mails. SMTP servers are willing to accept pretty
much any e-mail destined for a mailbox they know about (which is,
admittedly, an improvement on how things used to be, when they’d accept
e-mails even for mailboxes they didn’t know about), a fact which spammers and phishers exploit daily.
Making
any fundamental changes to SMTP itself is nigh impossible; there are
too many e-mail servers, and they all have to interoperate with each
other, an insurmountable hurdle for any major change. So what we’re left
with is all manner of additional systems that are designed to give SMTP
servers a bit more information about the person sending the e-mail, so
that they can judge whether or not they really want to accept the
message.
