IronPort has produced what it claims is the first e-mail security app to supports Yahoo's anti-spam DomainKeys technology.

The X1000 costs £60,000 and is twice as powerful as its existing C-series appliances. It can drastically reduce the number of mail servers that an enterprise needs, the company claimed.

The X1000 is one of a new class of devices which aim to block unwanted email at the network edge, before it gets anywhere near a mail server - hence the reduced mail server loading. It uses a variety of techniques to analyse e-mail, including reputation checks and now DomainKeys. The news comes on the same day that Microsoft announced it was adding its competing Sender ID anti-spam technology to Hotmail.

"DomainKeys adds a domain-level authentication to e-mail that doesn't exist now," said IronPort's marketing VP Tom Gillis. He says that versus SenderID: "I don't think it's either/or, I think they are two different answers to two different problems."

DomainKeys uses encrypted digital signatures which the receiving mail server decrypts and verifies using a public key published in the sender's DNS records, whereas SenderID checks that the sender's IP address is genuine, so can have problems with forwarded e-mail, Gillis said. "There's client-side digital signatures today, but nothing equivalent at the server level to verify the sending domain."

However, other e-mail security experts question the value of yet another authentication technology. "DomainKeys is very much a Yahoo initiative, and we've not seen evidence of it gaining widespread support," noted Mirapoint marketing director Craig Carpenter.

"We are trying to determine how effective such units will be in the wider world - we are very keen not to restrict people, so we're taking a conservative approach. A lot of spam is low-hanging fruit and can be detected fairly easily."

Carpenter adds that if you understand the business model behind spam, you can use that knowledge to help block it: "Spamming is a business, and it's a very profitable one. The whole modus operandi is to hit quickly and go away."

Gillis takes a different tack though. "We fundamentally think that to fix the problem of spam, you have to change how email works on the Internet," he says, adding that tools such as DomainKeys and IronPort's SenderBase reputation service will form part of the next generation secure email infrastructure, layered onto SMTP.

"Adding authentication will block more and more at the connection level, but authentication is only the first of three steps - the question of who are you," he continues. "The second is what do I know about you, then the third piece is dynamically-applied policies.

"Existing services are binary, for example spam blacklists. In tomorrow's e-mail infrastructure we'll authenticate senders then apply policies on how much they can send. We might not shut off a new sender, say, but throttle them back while we determine if they're trustworthy."