Latest anti-spam standard uses digital signatures to verify sender identity
vnunet.com, 12 Jul 2005
In a bid to tackle forged emails, Cisco Systems, Yahoo and others have submitted an anti-spam standard to the Internet Engineering Task Force (IETF).
The Domain Keys Identified Mail (DKIM) specification adds an encrypted digital signature to every email message, allowing recipients to verify the sender's identity.
A mismatch between the sender and the signature is likely to be the result of a spam or phishing email and can easily be picked up by a filter. A correct certificate should increase the recipient's confidence in the sender's authenticity.
The proposed specifications merge two separate technologies: Yahoo's DomainKeys and Cisco's Identified Internet Mail.
Companies contributing to the standard include Alt-N Technologies, America Online, EarthLink, IBM, Microsoft and VeriSign.
The IEFT is expected to discuss the proposed standard later this month at a meeting in Paris. If adopted, the technology will be available free of charge.
Mail servers would have to be DKIM enabled to decode the signature and verify its contents. Similarly a sender's mail server would have to provide both a public and private key to create a unique signature.
While Microsoft has contributed to DKIM, the company is also the main backer of the Sender ID standard. The technology lost several backers last year after a dispute over Microsoft's refusal to allow it to be used in open source applications.
Microsoft is scheduled to start using Sender ID in November with its Hotmail and MSN services. Messages sent to these services from servers that do not provide a so-called Sender Policy Framework (SPF) record will be marked as spam and quarantined.
The SPF contains a list that matches mail servers with a unique IP address. A mismatch between the originating IP address and the domain name listed in the email would suggest that the sender's address has been forged.
The technology breaks some existing email applications, however, including forwarding services and 'send a friend' features in which websites offer to notify friends about a service through email.
More embarrassment for Microsoft as major ISP rejects anti-spam initiative
Apache Software Foundation among developers shunning Microsoft anti-spam measure
Yahoo and Google combat unsolicited blog comments
Linx members aim to take financial incentive out of spam
In part one of V3.co.uk's interview with Dirk Singer, he dicusses social media monitoring strategies
Remote access - Three steps to getting connected
3.4 million UK professionals now work from home – is your company equipped?
Cost benefits of a global collaboration network
This white paper is a must read for organisations looking for evidence of the bottom-line benefits of high-definition video and voice communications
Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.
Analyst Simon Perry argues that the data deluge doesn't have...
Do you agree?
Have your say on this article