The DomainKeys Identified Mail system, a tool that could help in the battle against spam and phishing attacks by validating the identity of the sender of an e-mail, has received industry approval. DKIM uses encrypted digital signatures to prove a message's origin and a draft standard has been accepted by the Internet Engineering Task Force, the umbrella group representing firms such as Yahoo, Cisco, Sendmail and PGP Corporation. The firms have pledged to work with ISPs, businesses and financial institutions to roll out the technology as soon as possible. Protecting e-mail users from scams was a top priority, said Mark Delany, lead architect for Yahoo Mail and author of DomainKeys.
Establishing the identity of a sender remains a key consideration in the protection against spam as spammers tend to get away with sending spoofed e-mails because mail servers only check if a domain mentioned in these spoofed addresses is known to be used by spammers. DKIM allows honest e-mail senders prove they sent a message by encrypting a two-part key in a selected part of the mail. The e-mail provider puts an encrypted private key, which is linked to a public key held by the internet's domain name system, into the e-mail when it is sent. The mail server which receives the e-mail checks to ensure that the private and public keys match, proving that the message has come from a genuine sender. However, both the sender and recipient need their mail services to be signed up to DKIM.
News source: BBC News