Latest anti-spam standard uses digital signatures to verify sender identity
vnunet.com, 12 Jul 2005
In a bid to tackle forged emails, Cisco Systems, Yahoo and others have submitted an anti-spam standard to the Internet Engineering Task Force (IETF).
The Domain Keys Identified Mail (DKIM) specification adds an encrypted digital signature to every email message, allowing recipients to verify the sender's identity.
A mismatch between the sender and the signature is likely to be the result of a spam or phishing email and can easily be picked up by a filter. A correct certificate should increase the recipient's confidence in the sender's authenticity.
The proposed specifications merge two separate technologies: Yahoo's DomainKeys and Cisco's Identified Internet Mail.
Companies contributing to the standard include Alt-N Technologies, America Online, EarthLink, IBM, Microsoft and VeriSign.
The IEFT is expected to discuss the proposed standard later this month at a meeting in Paris. If adopted, the technology will be available free of charge.
Mail servers would have to be DKIM enabled to decode the signature and verify its contents. Similarly a sender's mail server would have to provide both a public and private key to create a unique signature.
While Microsoft has contributed to DKIM, the company is also the main backer of the Sender ID standard. The technology lost several backers last year after a dispute over Microsoft's refusal to allow it to be used in open source applications.
Microsoft is scheduled to start using Sender ID in November with its Hotmail and MSN services. Messages sent to these services from servers that do not provide a so-called Sender Policy Framework (SPF) record will be marked as spam and quarantined.
The SPF contains a list that matches mail servers with a unique IP address. A mismatch between the originating IP address and the domain name listed in the email would suggest that the sender's address has been forged.
The technology breaks some existing email applications, however, including forwarding services and 'send a friend' features in which websites offer to notify friends about a service through email.
More embarrassment for Microsoft as major ISP rejects anti-spam initiative
Apache Software Foundation among developers shunning Microsoft anti-spam measure
Yahoo and Google combat unsolicited blog comments
Linx members aim to take financial incentive out of spam
V3.co.uk gets a walk through of the Hero, which includes HTC's new Sense overlay for Android
First Looks Editor Ian Williams gets hands on with the Sony Ericsson Xperia X1
NetGear's four-bay compact network-attached storage gets a serious speed boost
Do you agree?
Have your say on this article