Email Authentication Schemes - Friends or Foes?

jtprice writes "At a time when spam levels have exceeded 80%, there's growing momentum behind Microsoft's email CallerID, the SPF effort, Yahoo!'s DomainKeys, and the IETF's new MARID Working Group initiatives to address various email abuse problems including spam, joe-jobbing, phishing, and so on. Sendmail has already implemented DomainKeys and CallerID. 10,000+ domains have turned on SPF now. Where the heck are we going with this? Are these efforts at cross purposes, confusing at best or likely to be consolidated? Seems to be less about the end of spam and more about the end of open, uniform, standards-based email as we know it. Apparently the people behind these initiatives are getting together for the first time for something called the Open Email Accountability Symposium next month, at the Inbox Email Conference in San Jose, with the intent of outlining their proposals and answering questions. Any thoughts about all of this, or hard questions that should be asked of these people? Is the email dilemma creating just another monopoly opportunity to force email into proprietary territory?"

Re:It still won't work

[StateOfTheUnion]

Actually, I think it might happen the other way around, make it proprietary and from a big target like Microsoft, and your asking for the system to be hacked . . . Proprietary solutions from huge companies are irresistable targets for hacking.

Float it under the radar as open source, encourage peer review and you may have something that would be hackers contribute to rather than destroy.

Most email currently goes through Apache . . . I think that the open sorce community has done a pretty good job of creating the email server of choice. I think that they're probably the right group to also make it more secure.