While it seems that it will take a long time before something like this is implemented, Yahoo announced today that it is coming up with a new way to verify the origin of all email. While the concept isn’t necessarily new, the implementation would be. Basically, they want every domain that sends mail to have its own public/private key pair, much like a PGP key pair. To send mail, the sending server would add a small header containing a signature: the hash of the message, signed with the domain’s private key. The receiving server would verify that signature with the domain’s public key and check that the hash it recovers matches the message content; if either the content or the signature had been changed, the check would fail.
This seems like a great idea to me. 90% of the SPAM that I get is from yahoo.com or aol.com addresses, but it doesn’t originate from their servers. This would force people to send mail from their real network domain. Of course, this would cause a whole new set of problems. People would have to make sure their private keys are kept private (I can see it now…”Buy our CD of 100 million private keys for $99.95!”). There would also have to be an easy way of issuing a new key to a domain if for some reason they believe their private key has been compromised.
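To make the mechanics concrete, here is an added example of the sign-on-send / verify-on-receive exchange described above. It is not code from the original post or from Yahoo: it uses RSA over SHA-256 in Go’s standard library, and the `Registry` type is an assumed stand-in for however a receiver would look up a domain’s public key (the post does not say how keys are distributed). The key id tag in the header is also an assumption, added so that the key-replacement problem from the last paragraph can be shown: a compromised key is revoked and a new one published without changing the header format.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Message is a minimal mail. The domain in From is the domain whose key must
// have signed it; KeyID and Signature are the extra header the sender adds.
type Message struct {
	From, Subject, Body string
	KeyID, Signature    string // empty on an unsigned message
}

// canonical is the exact byte string that gets hashed and signed. Anything in
// it that changes in transit (including From) invalidates the signature.
func canonical(m Message) []byte {
	return []byte("from:" + m.From + "\nsubject:" + m.Subject + "\n\n" + m.Body)
}

func domainOf(addr string) string {
	i := strings.LastIndex(addr, "@")
	if i < 0 {
		return ""
	}
	return strings.ToLower(addr[i+1:])
}

// Registry stands in for wherever the receiver looks up a domain's public keys
// (assumed; the post does not describe key distribution). Keying by domain and
// key id is what lets a domain publish a replacement key and revoke an old one.
type Registry map[string]map[string]*rsa.PublicKey

func (r Registry) Publish(domain, keyID string, pub *rsa.PublicKey) {
	if r[domain] == nil {
		r[domain] = map[string]*rsa.PublicKey{}
	}
	r[domain][keyID] = pub
}

func (r Registry) Revoke(domain, keyID string) { delete(r[domain], keyID) }

// NewDomainKey generates the per-domain key pair the sending server holds.
func NewDomainKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Sign is the sending server's step: hash the canonical message and sign the
// hash with the domain's private key (PKCS#1 v1.5 here; the post names no scheme).
func Sign(priv *rsa.PrivateKey, keyID string, m Message) (Message, error) {
	h := sha256.Sum256(canonical(m))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
	if err != nil {
		return m, err
	}
	m.KeyID, m.Signature = keyID, base64.StdEncoding.EncodeToString(sig)
	return m, nil
}

// Verify is the receiving server's step: find the public key for the From
// domain, recompute the hash and check the signature against it. A non-nil
// error means the mail must not be trusted as coming from that domain.
func Verify(reg Registry, m Message) error {
	if m.Signature == "" {
		return errors.New("message carries no signature")
	}
	dom := domainOf(m.From)
	pub := reg[dom][m.KeyID] // lookup on a missing domain yields nil, not a panic
	if pub == nil {
		return fmt.Errorf("no published key %q for domain %q", m.KeyID, dom)
	}
	sig, err := base64.StdEncoding.DecodeString(m.Signature)
	if err != nil {
		return fmt.Errorf("malformed signature header: %v", err)
	}
	h := sha256.Sum256(canonical(m))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig); err != nil {
		return errors.New("signature does not match message content")
	}
	return nil
}

func main() {
	reg, key := Registry{}, (*rsa.PrivateKey)(nil)
	key, _ = NewDomainKey()
	reg.Publish("example.com", "2003-12", &key.PublicKey)

	// Constructed sample messages: a real one, a tampered copy, an unsigned
	// spoof, and a spoof signed with a key the domain never published.
	plain := Message{From: "alice@example.com", Subject: "hi", Body: "lunch?"}
	legit, _ := Sign(key, "2003-12", plain)
	tampered := legit
	tampered.Body = "send money to this account"
	attacker, _ := NewDomainKey()
	forged, _ := Sign(attacker, "2003-12", plain)
	fmt.Println("legit:", Verify(reg, legit))
	fmt.Println("tampered:", Verify(reg, tampered))
	fmt.Println("unsigned spoof:", Verify(reg, plain))
	fmt.Println("forged with wrong key:", Verify(reg, forged))

	// Key compromise: revoke the old key and publish a replacement.
	reg.Revoke("example.com", "2003-12")
	reg.Publish("example.com", "2004-01", &attacker.PublicKey)
	fmt.Println("old mail after revocation:", Verify(reg, legit))
	resigned, _ := Sign(attacker, "2004-01", plain)
	fmt.Println("resigned with new key:", Verify(reg, resigned))
}
```

Because the From header is part of the signed bytes, an attacker who owns a key for some other domain cannot reuse it to claim example.com: the receiver looks the key up by the From domain, not by whatever domain the attacker controls.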