Update: Anti-spam technology adoption

It was pointed out to me that I had missed a key element of the difference in the adoption of Sender Authentication vs. Reputation filtering, the issue of single-party vs. multi-party technology adoption.

Sender authentication requires multi-party adoption. Sender Authentication requires both the sender and the receiver to act. The sender must define their authentication information and the receiver must implement technology to check these records as each email is received. In this situation until there is a sufficient critical mass of senders implementing their records or a large recipient (Yahoo's adoption of DKIM for example) to drive the change there is insufficient incentive to act. Creating a chicken and the egg situation.

Reputation on the other hand only requires single-party adoption. As soon as I have the reputation data to work with I can implement the technology on my systems and start benefiting immediately. No critical mass of adoption is required for the technology to succeed.

Many of the objections to FUSSP proposals are based on the difficulty presented by multi-party adoption. Getting hundreds of thousands of email servers and millions of email users to change technology and behavior in order to stop spam is a major undertaking and will be both a slow and likely incomplete process but not necessarily futile. Sender Authentication provides a good example, its a slow process but authentication has been adopted relatively widely and has reached a point where it provides useful data, so these sorts of multi-party changes can be effective, eventually and should not be a reason for dismissing such initiatives.