DomainKeys approved as anti-spam standard

DomainKeys attaches an encrypted digital signature unique to the sender to each email

The Internet Engineering Task Force has granted preliminary approval to DomainKeys Identified Mail (DKIM). 

The industry standard promises to curb spam by preventing spoofing, the forging of the sender's email address to make it appear as if the message originated from a reputable company instead of a spammer.

DomainKeys attaches an encrypted digital signature unique to the sender to each email when it is sent. If the sender's address does not match the signature it can be discarded as spam.

The technology was pioneered by Yahoo and Cisco and is supported by major email players including IBM, Microsoft, EarthLink and Google. 

The support of these email providers allows the majority of the world's email accounts to benefit from DomainKeys.

"For nearly 20 years, the bad guys have had an easy way to hide," Yahoo engineer Mark Delany said in a posting on a company blog. "With the widespread adoption of DKIM we can correct that imbalance."

But some industry analysts are sceptical of just how much DKIM will help in the fight against spam and phishing.

Even though DomainKeys has been implemented by the large email providers, Fred Cohen, of security consulting firm Fred Cohen and Associates, warned that the technology would require much wider adoption to make a dent in spam volumes. 

"Unless you want to decline email from everybody who has not adopted DKIM, it is not going to help much," he told vnunet.com.

Cohen suggested that the tide of spam and phishing will not be stemmed by a technological breakthrough, but by consumer behaviour making the practice unprofitable.

"There are certain things about the nature of email that cause it to be what it is," he said. "The economic benefits of spam will not be changed by this or any of the other schemes."

DomainKeys is just one of several proposed anti spam standards. Microsoft is backing its own Sender ID anti-spam standard which requires domain name owners to publish a list of IP addresses that they use to send email.  

It is considered nearly impossible to spoof an IP address, so a mismatch in the sender's domain and IP address is a tell-tale sign that a message is spam.

Sender ID has failed to gather industry support, however, in part because it is covered by several patents owned by Microsoft.  

The software giant has provided a royalty-free licence to the technology to proprietary and open source projects to overcome these hurdles.

AOL started a programme last year that offered guaranteed passage through its spam filters at a fee.  

The move drew sharp criticism from free speech activists because it creates a two-tier system that discriminates against not-for-profits and individual activists.