Authentication is one of the few things that almost everyone in the industry agrees is a good idea. To reduce spam, and phishing vulnerabilities, the end user needs to really know who is sending each email that hits the inbox. There are a couple of competing concepts for implementing authentication. One is based on IP addresses and the other is based on digital signatures. Do you see the major players agreeing on a common approach anytime soon?
The industry did a lousy job in 2004 of presenting a common message to the IT world on this. The truth is that there is agreement around IP authentication in the form of SenderID. Things have been relatively quiet on that front over the past few months because we’ve moved into the implementation phase. Organisations are publishing their records and vendors and service providers are working on the inbound record checking technology. So, deployment is the watch word here.
On the digital signatures front, there was consternation at the end of last year that we were seeing the CallerID/SPF debate replay itself in the form of Domain Keys (a Yahoo proposal) and IIM (a Cisco proposal). Behind the industry curtain, these players are being urged to merge their specs and I expect that to happen "real soon now".
So, do you agree with the view of some that we'll see both strategies implemented, with IP Addressing (SenderID) being deployed first and some version of digital signatures following later?
Yes. SenderID is probably a year ahead of a hopefully integrated signing approach and deployment should be happening now. We’ll likely see the large ISPs, as they have with SenderID, be the first networks to deploy the signing solutions. Yahoo! and Google are already into that. I should point out, as part of the largely agreed upon accountability framework, that email requires that the next phase involve more use of accreditation and reputation systems, and things are starting to bubble there. If 2004 was the year of IP authentication, 2005 is likely to be about signing solutions, and I'd expect 2006 to bring reputation and accreditation into the spotlight.
In the US, we're increasingly addicted to email and IM, with RSS feeds coming on strong. In other parts of the world, text messaging via mobile phones has been huge for a long time. Does this kind of text messaging have implications for corporate messaging infrastructures? And what trends do you see in this area?
It’s possible that mobile devices will play a key role in the integration of these communications technologies. At the end of the day, these devices are communications devices first and foremost, and they’re still relatively limited in terms of memory, processing capabilities, and storage. Email and messaging are not as entrenched as they are on desktop computers. Together, that creates an interesting set of reasons to expect the integration of email, instant messaging, SMS and voice being a stronger motivating factor for vendors in this space.
I fully expect the "Crackberry effect" to drive greater adoption of email and text-messaging capabilities in corporate messaging systems. Again, integration with existing systems will be key. Blackberry support for Microsoft Exchange and Lotus Notes is an indication that this need is well understood.
