Talking About Yahoo

Sunday, March 25, 2007

Online therapy: A therapist's guide to expanding your practice

Derrig-Palumbo, K., & Zeine, F. (2005). Online therapy: A therapist's guide to expanding your practice. New York: W. W. Norton, 336 pp., $34.00.

Are you considering some form of online therapy for your practice? What exactly does online therapy mean? E-mail, chat rooms, instant messaging, web cameras? Regardless of your foray into electronic-based counseling, Online Therapy: A Therapist's Guide to Expanding Your Practice, is an excellent resource for experienced therapists moving into the 21st-century of psychotherapy.

Organized into three major sections, the book addresses a wide range of issues relevant for clinicians who may be incorporating on-line components in their practice. Part I addresses psychotherapy models (e.g., solution-focused, narrative therapy) most conducive to delivering online therapy services. Interviews with significant representatives of each model offer thoughtful perspectives toward online therapy. For example, Albert Ellis presents his opinions about the possibility of using rational emotive behavioral therapy through an online format. Part I also provides answers to common questions, offers clinical guidelines, and includes a brief discussion about the efficacy of online therapy.

Part II is the backbone of this book, providing a thorough discussion about establishing an online practice. Business, legal, and ethical issues are all addressed in a comprehensive way. Derrig-Palumbo and Zeine guide readers through the maze of considerations of beginning an online practice. Furthermore, they address the various possibilities of web-based counseling: e-mail, audio conferencing, electronic clinics, videoconferencing, and chat rooms. Of vital importance is the excellent discussion of the perils when using free or public domain technology (e.g., Yahoo, AOL) that may not protect client confidentiality. The discussion of legal issues is also excellent, addressing such matters as conducting psychotherapy across state lines, payment for referrals when using referral services, and the required documentation for conducting online therapy services.

Part III provides almost 70 pages of appendices filled with excellent information for consideration before going online, including computer selection, the skills and programs necessary for online therapy, online therapy guidelines from various professional associations, and additional online therapy resources.

My only complaint about this book relates to its organization and a sometimes-confusing target audience. The authors go to great lengths justifying the utility of online therapy and assuring readers that online therapy is not replacing face-to-face psychotherapy. The title presupposes a target audience well beyond such concern. Purchasers will likely be past contemplating whether their therapy style is conducive to online therapy. They may want to skip Part I and get into the essentials of online therapy included in Part II and the Appendices.

Those limitations aside, Derrig-Palumbo and Zeine have made an excellent contribution to this growing area of psychotherapy. They do a nice job challenging the assumption that psychotherapy suffers when not conducted face-to-face. Eloquently, they lay out historical examples of conducting therapy via letters and telephone calls. They even point out some significant advantages of using text as an important method to help clients work through issues, noting, "Some clients have reported that text messaging gives them time to collect their thoughts prior to typing a response. The alleviation of a perceived need to immediately respond allows additional time for reflection, which can be quite beneficial" (p. 50). Private practitioners and some training program faculty will find this is an essential work to survive the next generation of psychotherapy-a generation where today's children, comfortable with an electronic medium, will undoubtedly demand some form of an online complement to psychotherapy services.

Tracy Todd, PhD

Brief Therapy Institute of Denver, Inc

Copyright American Association for Marriage and Family Therapy Apr 2006
Provided by ProQuest Information and Learning Company. All rights Reserved

Qurb 3.0

Qurb blocks spam in the simplest way possible: It lets messages from senders you know into the inbox and quarantines all others. It makes no attempt to analyze message content. You'll never have an important message blocked because it looked like spam, or receive spam in your inbox because it looked valid. The new Qurb 3.0 adds some significant enhancements without losing that basic simplicity. It displays a stamp of approval on SPF-authenticated messages and a warning on fraudulent "phishing" messages. It now offers indexed searching of e-mail, contacts, appointments, and other e-mail-related data. And it automatically blocks persistent spammers.

Qurb specifically supports and integrates with Microsoft Outlook and Outlook Express and works with Exchange or POP3 accounts (but not IMAP). To start, it populates the Approved list by scanning your address book and inbox—so make sure your inbox doesn't contain any spam messages during this initial scan. Addresses to which you send mail are also automatically whitelisted.

Mail from senders not on the whitelist gets quarantined in the Qurb folder. Qurb can suppress the new mail notification for such messages, and can automatically mark them as read. At a user-defined interval it will remind you if there are new quarantined messages and will display only the new ones in a Review Quarantined Messages window. This window lists the sender's name and e-mail, the subject, and the date/time for each message; checking a box marks the message (and sender) as valid. A safe and handy text-only preview appears when the mouse is over the checkbox. Non-approved messages are automatically deleted after a user-defined interval (30 days by default). If a persistent spammer sends three or messages and you don't approve any of them, Qurb automatically blacklists the sender. Messages from blacklisted senders go to the Qurb folder, but they're never displayed in the review window.

Qurb's handy new ability to index and search your Outlook and Outlook Express data is similar to that of Microsoft's Lookout for Outlook. You can enter simple keyword-based searches in Qurb's toolbar, or bring up an Advanced Search window for more control. Features include phrase searching, Boolean search with OR and NOT, partial keywords, and field-specific searches like "to:neil." Qurb indexes file attachments, too, using the same IFilter technology that MSN Toolbar Suite uses. If you think you may have accidentally blocked an important message, the search feature will help find it. (Interestingly, you can use the search feature for free by downloading the trial version of Qurb and turning off its antispam features.)

Support for the industry-standard Sender Policy Framework (SPF) registration allows a company to prove the authenticity of its e-mails, verifying that the message is not spoofed in any way. If Qurb can validate a message's authenticity using SPF, it marks the message with a green-check stamp of approval. Support for the similar Yahoo! DomainKeys authentication is also planned. If the authentication fails, Qurb marks the message with a red question-mark stamp and the phrase "Not Verified." Our test account quarantined a half-dozen fraudulent PayPal messages; Qurb flagged several (but not all) of them as suspicious.

Rejecting all mail from unknown senders isn't always practical, especially for a business e-mail account. Qurb does let you add an entire domain to its whitelist, for example to accept all e-mails from within your company. For truly unknown senders, it can optionally generate a confirmation e-mail challenge. The sender simply replies to the challenge message. Upon receiving the reply, Qurb releases the original message to the inbox and adds the sender to the Approved list. You can customize the challenge message, and you can set Qurb to respond automatically to challenges from other Qurb users.

A Qurb-approved sender is more than just an e-mail address. You can optionally require both the address and the display name to match. If the sender has used a digital signature, you can require that future messages match that signature. By default, your own entry in the approved list requires a matching display name; this will usually foil those spammers who "spoof" their return address so the message seems to come from your own account.

Qurb was our favorite non-filtering antispam solution, and the new features in Qurb 3.0 help keep it on our Editors' Choice roster. If you want to ensure that you never see another piece of spam again, with minimal intervention on your part, give Qurb a try.

News Corp to Buy Intermix for $580M

NEW YORK, July 18 (Reuters)—News Corp. on Monday said it would buy Intermix Media Inc., owner of the popular MySpace.com social networking site, for $580 million in a move to expand the media conglomerate's Internet offerings.

The deal comes after News Corp., home to the Fox television network, Fox News and 20th Century Fox film studios, announced on Friday the creation of an Internet division to hold the company's sports, news and entertainment sites.

News Corp. will pay $12 a share, a 12 percent premium over Intermix's closing price on the American Stock Exchange on Friday. Accordingly, Intermix shares rose 9.6 percent to $11.75 in Monday trading.

"For a company with a market capitalization of over $50 billion and $6 billion in revenue last quarter to pay $580 million for the fifth most widely viewed domain, that strikes me as reasonable," said Natexis Bleichroeder analyst Alan Gould.

"With a significant amount of advertising dollars moving from traditional outlets to online, News Corp., like most media companies, is looking to boost its Internet assets," Gould added.

Online advertising is expected to be the fastest growing category for national advertisers, up 15 percent to $7.9 billion this year, according to media buying firm Universal McCann.

MySpace.com is the most popular of the once-trendy social networking sites, which allow people with common interests to seek dates, friendship and professional relationships.

Google Inc., for its part, has a social networking site called Orkut. Yahoo Inc. has made social networking a part of its Yahoo 360 networking tool.

"The thing about MySpace is that it's a growing audience," said Jupiter Research analyst David Card. "Its users are pretty loyal. They get a lot of time spent on their pages. And the personal information they get from users is pretty reliable because they want to meet people. One would think this information would be pretty useful to advertisers."

Intermix, which had $24.1 million in revenue in its fiscal fourth quarter, will become part of News Corp.'s newly created Fox Interactive Media.

News Corp. had said on Friday it plans to make "strategic investments" in this area. The creation of the Internet unit comes three months after News Corp. Chief Executive Rupert Murdoch's exhortation to the newspaper industry that it was too slow to respond to the Internet.

Intermix was the target of a lawsuit by New York State Attorney General Eliot Spitzer, who accused the company of false advertising and deceptive business practices in bundling hidden spyware that delivered pop-up advertising and redirected Web traffic to an Intermix search engine.

The company agreed to pay $7.9 million to settle suit without admitting wrongdoing. It had previously stopped distributing such programs.

The News Corp. deal is expected to close in the fourth quarter of calendar 2005.

Intermix's largest shareholder, VantagePoint Venture Partners, which holds 22.4 percent of the company, has agreed to vote its shares in favor of the deal, News Corp. said.

News Corp. shares were down 6 cents to $17.41 in midday trading on the New York Stock Exchange.

Yahoo Casts Wide Net To Protect Domain Name 04/27/00 - Company Business and Marketing

SANTA CLARA, CALIFORNIA, U.S.A., 2000 APR 27 (NB) Somehow Web portal Yahoo Inc. [NASDAQ:YHOO] always ends up Number 1. The company's Yahoo.com domain regularly tops the traffic charts created by Web measurement firms, and now - in order to protect that address - the company has set a record for the largest number of look-alike names shoveled at once into a recently launched domain-name dispute resolution system.

Santa Clara, Calif.-based Yahoo is objecting to 37 registered domains - ranging from geographical variations such as AtlantaYahoo.com and DCYahoo.com to the more obscure Jahu.com and Yhu.com - and has taken its case to the Internet Corporation for Assigned Names and Numbers (ICANN) for arbitration under its Uniform Domain Name Dispute Resolution Policy.

Designed to help speed the process of settling spats over the practice of "cyber-squatting," the uniform dispute resolution protocol went live in December in the hands of the Arbitration and Mediation Center of the World Intellectual Property Organization (WIPO).

Since resolving its first dispute - the World Wrestling Federation's reclaiming of worldwrestlingfederation.com from an alleged cyber-squatter - WIPO arbitrators have cleared an impressive queue of disputes.

Still pending is a 21-domain submission covering Internet addresses which appear to conflict with the trademarks of the Fox Entertainment Group [NYSE:FOX] - and which was a record-setting request before Yahoo filed its complaints last week. So far, the fattest file closed by WIPO at one sitting was a 15-domain dispute that went in favor of the Federation Internationale de Football Association (FIFA) and the marketing organization licensed to use soccer's World Cup trademarks.

Internet law expert Michael Geist, of the University of Ottawa Law School in Canada, said the volume of Yahoo's recent filing isn't as important as its liberal interpretation of what might constitute a look-alike domain name.

He said entries such as SeattleYahoo.com and NYYahoo.com may seem straightforward - but what about Jahu.com and Youhoo.com?

One thing all 37 disputed names seem to have in common is dubious registration information in the master databases on Network Solutions Inc. many of the addresses - including Jahu.com and Youhoo.com - are registered to the same individual and who appears to be unknown to people answering the phone at the number provided in his domain registration documentation.

Geist said many rulings have gone against individuals who have registered domains that appear to be versions of well-known trademarks but with typographical errors. For example, Hewlett Packard Corp. was successful in quashing the domain HewlittPackard.com. But Geist warned that one person's intentional typo might be someone else's idea of a legitimate business name.

"We are without question seeing the development of an Internet law - or an Internet common law - around the issue of domain names," he said. "Arbitrators are, with increasing frequency, citing previous ICANN decisions to support their findings. While some of the very early cases looked at traditional laws - particularly US laws with regards to domain name issues - there is a sufficiently large body of (decisions) that the arbitrators are able to refer to their own decisions as support for their findings."

"That's fine if the body of case law is something that merits approval, but I believe that there's a bit of concern that, on a pure numbers basis, I believe they're finding in favor of trademark holders at a ratio of three to one."

"There's some appearance of a bias towards trademark holders," Geist said, "but it may simply be the case that trademark holders had legitimate claims in a large number of instances."

He said one case which struck him as "a little odd" was the successful claim by the Canadian company eResolution against the holder of the domain EResolution.com, even though the Canadian company wasn't even incorporated until several months after the domain was originally registered in the US.

"It struck me as odd that a trademark holder could register a trademark after the fact and, essentially, reverse (the process)."

But Geist said the dispute resolution process seems to be achieving one of its primary goals - to speed up the system and cut legal costs through arbitration.

"There are large numbers of applications currently before the arbitrators, and they are required under the rules to render a decision quite quickly and, in fact, have been following through in that regard," he said. "So, certainly that's a positive."

Officials from Yahoo have yet to comment on their domain-dispute submissions.

Reported by Newsbytes.com, http://www.newsbytes.com

(20000427/Press contact: Michael Geist, 613-562-5800 ext. 3319 /WIRES ONLINE, LEGAL, BUSINESS/YAHOO/PHOTO)

Exodus Expands Hosting Relationship With Yahoo! - Company Business and Marketing

Exodus Communications, Inc. (NASDAQ: EXDS), a leader in complex Internet hosting and managed services, Monday announced that Yahoo! Inc. (NASDAQ: YHOO), a leading global Internet communications, commerce, and media company serving 145 million individuals worldwide, has expanded its presence in the Exodus Internet Data Center network with the establishment of a mirrored site at an Exodus facility on the East Coast. "A scaleable and redundant network infrastructure helps Yahoo! support the needs of its growing worldwide Internet audience," said Ellen M. Hancock, president and CEO of Exodus. "By expanding its presence at Exodus, Yahoo! will continue to provide its users with the ability to seamlessly access information, communicate with others, and buy things."

"Exodus has proven that they can quickly and reliably expand our Internet capabilities worldwide," said Kevin Timmons, director of operations, Yahoo!. "They successfully provide the infrastructure and level of service we need to help maintain the reliability of one of the world's most visited Internet domains."

Yahoo! already has a long-standing relationship with Exodus. In January, Yahoo! again named Exodus as its primary service provider for Yahoo! GeoCities (http://geocities.yahoo.com). Exodus has provided network space and managed services to support the popular online community site.

Leading the Web Hosting Market

According to International Data Corporation, the Web hosting market is expected to grow from $1.8 billion in 1999 to $17.6 billion by 2003. Exodus provides a variety of services to help ensure that its customers complex Internet operations are always available and secure. The company has certified system administrators and network professionals to manage Internet systems for peak performance, 24 hours a day, seven days a week. Exodus also provides customers with access to Internet systems management expertise, critical for providing reliable Internet services and quickly expanding Internet capabilities. Exodus provides complex Internet hosting services and enterprise-class Internet systems management for companies deploying mission-critical Internet operations. Exodus Internet Data Centers offer a range of benefits including:

High Performance: Exodus customers benefit from industry-leading availability, reliability and redundancy through a high-speed network design, 24x7 system monitoring, diagnosis and problem resolution, performance monitoring, stress testing, and content distribution technology.

Scalability: As customers grow, Exodus is positioned to meet their needs for increased hosting space, bandwidth and managed and professional services.

Security: End-to-end electronic and physical security measures are in place to protect customers' data, applications and systems.

Exodus Communications is a leading provider of complex Internet hosting for enterprises with mission-critical Internet operations. The Company offers sophisticated system and network management solutions, along with technology professional services to provide optimal performance for customers' Web sites. Through its subsidiary, Service Metrics, Exodus is a leading source of Web site performance monitoring and measurement services. Exodus manages its network infrastructure via a worldwide network of Internet Data Centers located in the United States, Europe and Asia Pacific. More information on Exodus can be found at http://www.exodus.net.

Prismiq Commander Wireless Router

It's 3 P.M. and your kids are home from school and surfing the Web. Do you know which sites they're visiting, or who's chatting with them on instant messaging? Though technology is no substitute for good parenting, it can provide valuable information that can be the basis for a discussion on safe Internet practices. Software-based monitoring tools have been available for years, but no one has produced a cost-effective network-based monitoring tool—until now.

The Prismiq Commander Wireless Router (model number IWR 5010) is a very capable four-port 802.11g wireless router with a built-in stateful packet inspection (SPI) firewall. Unlike traditional home and small-office wireless routers, this device has what they call Internet Warning and Control Software (IWACS) built in, which monitors all traffic entering and leaving the network.

The Prismiq Commander has the ability to "see" virtually all traffic traveling to and from the router. Software loaded onto a computer serves as a console that downloads the data logged by the router-based IWACS software and presents it in a clean, easy-to-understand interface. Data is delivered in four categories—IM, e-mail, Web traffic, and unidentified traffic.

The Prismiq Commander supports the three most popular IM services—AOL, MSN and Yahoo!. We found that it accurately captured text from all three, even if the party we were chatting with was using a third-party IM client, such as Trillium. It does not, however, capture video or audio chat sessions.

On the other hand, e-mail logging was disappointing. The Prismiq Commander monitors incoming POP3 mail and outgoing SMTP mail, but our tests revealed that if a client retrieves a large number of messages in a session, the unit will fail to log some, or possibly all, of those messages. When we followed up with the folks at Prismiq regarding this issue, they explained that their e-mail logging was designed for light traffic, and our test sessions (50 to 100 messages per session) were beyond their design parameters. With smaller numbers of e-mails per session, it was able to log the traffic properly. Though the Prismiq Commander will log both plain text and HTML mail, only the contents of plain text e-mail are available in the monitoring console. Inbound and outbound HTML-formatted mail appears in the log only as an entry, so that you know that HTML e-mail was sent or received and to whom, but the monitoring console doesn't display the content of HTML messages.

Web-site monitoring logs each URL visited by each user. As with both e-mail and IM monitoring, you can choose to ignore and not log Web traffic for individual users. Likewise, you can also block specific domains and IM screen names.

Aside from the Prismiq Commander's monitoring features, we found it to be a capable wireless router, if not stellar in terms of performance. Initial setup is performed using a Web-based wizard. Once the device is up and running, the user is presented with a fairly intuitive user interface. Six menus arranged horizontally across the top of the screen, including Status, Management, Advanced, Firewall, Wireless, and Logout. Except for the Status link, which displays a summary of your router, and the logout link, each of the other four links has a related submenu of functions. The Prismiq Commander also, as more advanced users might expect from a modern router, supports port forwarding, Dynamic DNS (DynDNS.org, and No-IP.com), and special applications with port triggering. The firewall supports a DMZ, and has individual threshold settings for DoS (Denial of Service) attacks as well as for FIN, ICMP, SYN, and UDP traffic.

As a wireless router, the Prismiq Commander supports standards-based 802.11g. If you're not using the router's wireless feature, you can disable it for added security. You can also disable the SSID broadcast and limit access to the wireless network by MAC address. It also supports WEP, WPA and 802.1x. The Prismiq Commander can also be configured as a wireless bridge or an access point. Of course, if it's configured as an AP, the routing and tracking functions are disabled.

We found the Prismiq's range as a wireless router to be somewhat less than the devices in our recent wireless roundup, "Unwired for Speed". It turned in 17.6 Mbps at 1 foot and 13.6 Mbps at 60 feet, but fell off to less than 1 Mbps at 120 feet. Most of the other wireless 802.11g routers achieved approximately 5 Mbps at 120 feet.

The Prismiq Commander has a direct price of $79.95, but for a limited time the company is offering a $20 trade-in allowance for your existing, functional 802.11g router. If you want the monitoring/logging capabilities the device offers, the price is a bargain. If not, other 802.11g routers offer better value and greater wireless range.

More PC Magazine wireless networking reviews:

Yahoo Proposes Anti-Spam Standard For Internet

When it comes to proposed technical solutions to spam, I'm a pessimist in general and confirmed skeptic at heart. Such proposals, in their attempts to make spamming impossible, invariably force everyone to change all their mailing software, dooming any practical prospects of the plan.

However, "invariably" could be too strong a word. For example, Yahoo, which claims to be the largest mail provider in the U.S., recently proposed a domain-level authentication system to combat spam. What's interesting here is its conscious attempt not to overreach. The company is still being circumspect in releasing details of its "Domain Keys" system publicly because the proposal is still being formulated, but officials did share the substance of the plan.

What would SMTP authentication accomplish? It wouldn't, in and of itself, prevent someone from spamming. What it would do is allow spammers to be identified and effectively blacklisted.

Authentication systems usually involve digital certificates, perhaps even for each user. For e-mail the sender might sign each message with his or her private key, and after looking up the sender's public key in some publicly-available system, usually a certificate authority, the recipient could confirm that the message was in fact signed by the person claiming to be the sender.

Check out eWEEK.com's Messaging Center at http://messaging.eweek.com for more on IM and other collaboration technologies.

Yahoo's Domain Keys proposal has two interesting innovations that make it different and intriguing: First, authentication is only performed on a domain level, not the user level.

For example, in a world running the Domain Keys system if you get a message from wacka-wacka@hotmail.com, you could confirm that it really did come from hotmail.com. That's well and good in the case of Hotmail, since it's safe to assume that Hotmail has enough internal authentication that the sending user really was wacka-wacka.

But what about a message from igor@fraunkensteen.com? You may be able to confirm that it really came from fraunkensteen.com, but did it really come from igor? This actually could be an issue if mail.fraunkensteen.com isn't very picky about who it accepts SMTP connections from. Some have suggested that spammers could simply move to a series of new, cheap throwaway domains as old ones become blacklisted. This is a reasonable concern, but I'm not sure how serious it is.

The other interesting innovation with Yahoo's plan is that no fancy and expensive certificate authorities are involved. Instead, the domain's public key is stored in DNS, where everyone can get at it fairly easily to check signatures.

Domain Keys would also present a problem to users (like me) who use a From: address with a domain different that the one for the SMTP server sending the message. Because the From: address is the most obvious spot to check for domain authentication, it's the one used by Domain Keys (at least in the initial proposal) for recipients to check.

Certainly, I agree that if you have to pick one address to check, From: is the only one to pick. Still, many users have From: addresses with a different domain than their SMTP server. Domain Keys would cause problems, at least in the short term, for folks that travels and for users in Internet cafes. No doubt it would burden administrators who will have to make sure that client systems are using the right SMTP server to correspond to their From: address, something that doesn't matter now.

Next page: Squishing Worms...

The transitional period for Domain Keys would also bring its share of problems. In the end, presumably any unsigned mail would need to be treated as untrusted; so once the switch is thrown and respectable people start enforcing authentication, anyone who doesn't implement the system will be unable to send e-mail to the respectable e-mail world.

Trust me, Domain Keys would be on the front pages of every newspaper and even featured in an episode of Friends (or take your pick of a Top Ten show since Friends ends in May). Yet when it happens, expect that there will still be lots of people outraged that they didn't get sufficient notice. Look for lawsuits to commence.

Yahoo! disagrees on this point. In the news article linked above, Brad Garlinghouse, vice president for communication products at Yahoo said: "If we can get only a small percentage of the industry to buy in, we think it can have a dent."

I've heard the same theory from other serious people in the industry. So, perhaps I'm over reacting.

Yahoo's plan goes beyond stopping spam. Halting phishing attacks and certain worms is also a major motivation for Yahoo.

Consider the e-mail worms that appear to come from some address at Microsoft, such as Xombe, the most recent one, which appears to come from windowsupdate@microsoft.com. This kind of attack would never get through even the first time under Domain Keys, because it wouldn't actually come from the address it now appears to come from.

Check out eWEEK.com's Special Report: Securing Windows for more on keeping Windows safe.

Speaking of worms, it's worth noting that one of the major innovations in e-mail worm technology a couple of years ago was the inclusion of an SMTP engine as part of the worm code itself. All of these attacks would have to be upgraded by hackers to even attempt to function under domain keys.

Domain Keys stops these worms from using their current mode of operation, which is to harvest addresses off the victim's system and use them both as the sender's address and the recipient's. Since the worm wouldn't have access to the private key for the From: address domain, its progress is mostly stopped.

The best the worm author could do (correct me if I'm wrong) is to hard-code the private key for one domain or multiple domains to which he or she has access to the private key. This would be a bad idea (for them) for a couple reasons: one, it might make it easier to trace the author of the worm; two, either the site could be taken down or the keys regenerated and the worm would die quickly.

Next page: Can Yahoo Actually Do It?

If this proposal is ever to get off the ground, the next step, after feedback to Yahoo, will be a standards process with a proposed standard from Yahoo.

Since every mail server on the Internet will have to implement Domain Keys if it wants to send mail, for all practical purposes there will need to be monetarily free and open-source implementations available. If it looks promising, at some point early in that process— because the spam problem is so urgent—some people will want to implement it even if the standards process is incomplete.

There are plenty of mail servers in the world running on a lot of different platforms. A few of them are more important than others, such as Sendmail, QMail, Exchange and Notes. The free implementations of Domain Keys will have to cover a very large percentage of mail servers in use.

So what would be the critical mass of servers needed to implement the technology before it could be considered dominant, or implemented enough that one could say that it's unreasonable for people not to implement it? How do we quantify this critical mass?

The answer would have to be framed in terms of e-mail users who use the servers in question. Yahoo, AOL and Microsoft joined in an alliance against spam last year. If all three members of the coalition were to endorse one technology and promise to implement it, that move would represent a huge percentage of Internet mail. It would be hard for other vendors and services to ignore such an initiative.

At some point, governments and large corporations would also adopt such a technology and require others who want to communicate with them to implement it too.

If I sound enthusiastic, I'm really more skeptical than that. Remember, this is a proposal to require all mail server operators to change their software. It's a proposal to change the most widely-used protocols on the Internet.

Something of this magnitude isn't done unless it's really, really necessary. And (this is important) you absolutely have to get it right the first time.

As Yahoo points out, this is why they're asking for feedback on their proposal.

Check out eWEEK.com's Special Report: Canning Spam for all you need on the most troublesome problem on the Internet today.

There are other potential problems with domain keys: The system would increase the processing load on every mail server by adding digital signing to the process, and I assume it would also increase the amount of DNS traffic a fair amount as recipient servers look up the public keys of the senders.

Authentication also means a step away from anonymity for users on the Internet. This doesn't bother me so much, but it does bother a lot of other people. It's possible, certainly with a system like Domain Keys, for a domain to keep its users anonymous even if the fact that mail is coming from it is not hidden. If you feel that mail from that domain is not trustworthy you can block it.

Domain Keys is a fascinating idea most because, in its attempt not to overreach, it demonstrates how formidable a challenge it is to make a technical solution to spam within the existing Internet infrastructure. Even Domain Keys requires changes so widespread that fundamental that it's easy to envision a rocky transition period at a minimum. Spam is a tumor, rapidly growing into the body of Internet email and choking the life out of it. Surgery like Domain Keys can be painful and unpleasant and it's not always successful, but perhaps we'll really try it before email actually dies.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. Be sure to check out eWEEK.com's Security Center at http://security.eweek.com for the latest security news, views and analysis.