Tuesday 12 September 2006

Domain Assurance Council

The Domain Assurance Council (or DAC) is a new trade body representing organizations that certify or accreditate email sending organizations and customers of those organizations. (Examples of such organizations include Habeas and Goodmail; their customers are typically ISPs and spam control technology vendors.)

With sender "authentication" (authorization) standards such as SPF and DKIM becoming more popular, there's a need for a standard way for a trusted authority to vouch for a domain name. DAC plans to help the industry create a standard way for organizations to "vouch" for a sending domain. They will do that by publishing reputation or accreditation data about a domain name in a standard form. The standard will be known as Vouch By Reference (VBR).

For example, a receiving mail system may be able to use SPF or DKIM to verify that an incoming message was sent by example.com, but it currently has no standard way of deciding if it wants to receive email from that company. Using VBR, a receiving system would be able to look up the domain and decide if it wishes to receive the message.

VBR could also allow smaller, more specialist organizations to vouch for organizations in their own vertical industry or niche (e.g. the pharmacalogical industry). The theory is that specialist authorities will know their industry better; if a sender goes bad, a specialist authority might discover this more quickly than a generalist.

VBR means that there should be no need for proprietary methods, such as Goodmail's. VBR will create a market for organization who vouch for domains; allowing its members to compete with minimum "friction." VBR should also allow customers to switch providers -- i.e. there will be no lock-in to a proprietary provider such as Goodmail.

Current members of DAC are Goodmail, Habeas, Return Path, Trend Micro, and IronPort. DAC is run by John Levine and Paul Hoffman. Paul has plenty of experience running this sort of group, having previously run the Internet Mail Consortium amongst others.