Backing for tool to battle spam

The DomainKeys Identified Mail system, a tool that could help in the battle against spam and phishing attacks by validating the identity of the sender of an e-mail, has received industry approval. DKIM uses encrypted digital signatures to prove a message's origin and a draft standard has been accepted by the Internet Engineering Task Force, the umbrella group representing firms such as Yahoo, Cisco, Sendmail and PGP Corporation. The firms have pledged to work with ISPs, businesses and financial institutions to roll out the technology as soon as possible. Protecting e-mail users from scams was a top priority, said Mark Delany, lead architect for Yahoo Mail and author of DomainKeys.

Establishing the identity of a sender remains a key consideration in the protection against spam. Spammers tend to get away with sending spoofed e-mails because mail servers only check whether a domain mentioned in these spoofed addresses is known to be used by spammers. DKIM allows honest e-mail senders to prove they sent a message by encrypting a two-part key in a selected part of the mail. The e-mail provider puts an encrypted private key, which is linked to a public key held by the internet's domain name system, into the e-mail when it is sent. The mail server which receives the e-mail checks to ensure that the private and public keys match, proving that the message has come from a genuine sender. However, both the sender and recipient need their mail services to be signed up to DKIM.

News source: BBC News
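
As an added example (not part of the BBC article), this Python code shows the receiving server's side of a DKIM check: it parses the `DKIM-Signature` header that carries the signature, derives the DNS name where the sender's public key is published, and confirms the body still matches the signed `bh=` hash. Tag names follow RFC 6376; the domain, selector and `b=` value are constructed placeholders, and the RSA verification of `b=` plus the live DNS lookup are left out.

```python
import base64, hashlib, re

def parse_tags(value: str) -> dict:
    """Split a DKIM 'tag=value; tag=value' list; whitespace inside values is ignored."""
    pairs = (p.partition("=") for p in value.split(";") if "=" in p)
    return {k.strip(): re.sub(r"\s+", "", v) for k, _, v in pairs}

def canon_body(body: bytes, mode: str) -> bytes:
    """Body canonicalization, 'simple' or 'relaxed' (RFC 6376 section 3.4)."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":  # collapse runs of spaces/tabs, drop trailing whitespace
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # trailing empty lines are not signed
        lines.pop()
    if not lines:
        return b"" if mode == "relaxed" else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body: bytes, mode: str, length=None) -> str:
    data = canon_body(body, mode)
    if length is not None:  # l= tag: only the first `length` octets are covered
        data = data[:length]
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def check(sig_value: str, body: bytes) -> dict:
    """Receiver side: where to fetch the public key, and does the body match bh=?"""
    t = parse_tags(sig_value)
    if t.get("v") != "1" or not t.get("a", "").endswith("-sha256"):
        raise ValueError("unsupported DKIM-Signature")
    # c=header/body; a missing body algorithm defaults to 'simple'
    mode = (t.get("c", "simple/simple").split("/") + ["simple"])[1]
    length = int(t["l"]) if "l" in t else None
    return {
        "dns_name": f"{t['s']}._domainkey.{t['d']}",  # TXT record holding p=<public key>
        "body_ok": body_hash(body, mode, length) == t["bh"],
    }

# Constructed sample: domain, selector and b= value are placeholders.
BODY = b"Your statement is ready.\r\nRegards,  Example Bank\r\n"
SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel1;\r\n"
       "\th=from:to:subject; bh=" + body_hash(BODY, "relaxed") + ";\r\n"
       "\tb=PLACEHOLDER")

if __name__ == "__main__":
    print(check(SIG, BODY))                                # untouched body
    print(check(SIG, BODY.replace(b"ready", b"overdue")))  # altered in transit
```

A message with no `DKIM-Signature` header, or one signed under a look-alike domain in `d=`, passes through this check untouched, which is why receivers pair DKIM results with a policy on which domain must have signed.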


5 Comments


The tough part is getting everyone to switch to it. Things like DKIM (and SPF, etc.) are extensions of the existing system that don't force people to break backwards compatibility to be useful.

I do wish they could scrap everything and start over, but email's too heavily entrenched in its current, insecure form to just rip out and throw away wholesale.

Quote - The Gline said:
I do wish they could scrap everything and start over, but email's too heavily entrenched in its current, insecure form to just rip out and throw away wholesale.

Seems to me that someone could come up with a different protocol to use concurrently with email (you could call it something like iMail) until the new protocol took hold – much like IPv4 and IPv6 are now being used.