- Joined
- Jan 24, 2004
- Messages
- 1,333
- Reaction score
- 12
The DomainKeys Identified Mail spec helps sort and identify legitimate e-mail
Todd R. Weiss and Robert McMillan, IDG News Service
May 23, 2007 (Computerworld) -- Specifications for a new e-mail authentication tool to help fight against phishing and spam were published yesterday by the Internet Engineering Task Force (IETF), opening the way for software vendors and e-mail service providers to find better ways to protect e-mail recipients.
The specifications were announced for DomainKeys Identified Mail (DKIM), a new technology that combines several existing antiphishing and antispam methods to create an improved way to sort and identify legitimate e-mail. The specifications provide details that independent software vendors and e-mail service providers can use to build the protections into their products and services immediately.
Instead of using a traditional IP address to identify the sender of each message, DKIM adds a digital signature associated with the organization's domain name. That signature is then validated invisibly at the recipient's end. "White lists" and "black lists" are then used by the e-mail infrastructure software to validate the reputation of the sender.
"Domain names are far more stable than IP addresses," said Dave Crocker, an IT consultant and contributor to the DKIM project. "Domain names align with an organization far better than an IP address."
Because it incorporates a digital signature, "it allows a piece of e-mail to be identified definitively as somebody's," rather than as an e-mail coming from an IP address that could used by multiple people or a spam bot," he said. "It's a step along the way to regaining trust in e-mail," Crocker added.
The core technologies used in DKIM have been around for years, he said. "We're taking existing pieces and using them together in new ways."
DomainKeys is a project begun several years ago by Yahoo Inc. as a way to fight phishing and spam; the Identified Internet Mail project was begun by Cisco Systems Inc.
The DomainKeys project was particularly innovative because it specified the use of domain names rather than IP addresses to authenticate senders, Crocker said. DomainKeys also used the existing Domain Name System (DNS) to transmit the public keys needed for encryption, rather than adding yet another infrastructure layer.
An informal consortium of about a dozen IT vendors and organizations, including Yahoo, Cisco, EarthLink Inc., Microsoft Corp., PGP Corp., StrongMail Systems Inc., VeriSign Inc. and Sendmail Inc., have met for a year to create the new specifications for DKIM. It was first submitted to the IETF for consideration as a new e-mail standard to fight phishing and spam in July.
Second Part Of Artice Here
Todd R. Weiss and Robert McMillan, IDG News Service
May 23, 2007 (Computerworld) -- Specifications for a new e-mail authentication tool to help fight against phishing and spam were published yesterday by the Internet Engineering Task Force (IETF), opening the way for software vendors and e-mail service providers to find better ways to protect e-mail recipients.
The specifications were announced for DomainKeys Identified Mail (DKIM), a new technology that combines several existing antiphishing and antispam methods to create an improved way to sort and identify legitimate e-mail. The specifications provide details that independent software vendors and e-mail service providers can use to build the protections into their products and services immediately.
Instead of using a traditional IP address to identify the sender of each message, DKIM adds a digital signature associated with the organization's domain name. That signature is then validated invisibly at the recipient's end. "White lists" and "black lists" are then used by the e-mail infrastructure software to validate the reputation of the sender.
"Domain names are far more stable than IP addresses," said Dave Crocker, an IT consultant and contributor to the DKIM project. "Domain names align with an organization far better than an IP address."
Because it incorporates a digital signature, "it allows a piece of e-mail to be identified definitively as somebody's," rather than as an e-mail coming from an IP address that could used by multiple people or a spam bot," he said. "It's a step along the way to regaining trust in e-mail," Crocker added.
The core technologies used in DKIM have been around for years, he said. "We're taking existing pieces and using them together in new ways."
DomainKeys is a project begun several years ago by Yahoo Inc. as a way to fight phishing and spam; the Identified Internet Mail project was begun by Cisco Systems Inc.
The DomainKeys project was particularly innovative because it specified the use of domain names rather than IP addresses to authenticate senders, Crocker said. DomainKeys also used the existing Domain Name System (DNS) to transmit the public keys needed for encryption, rather than adding yet another infrastructure layer.
An informal consortium of about a dozen IT vendors and organizations, including Yahoo, Cisco, EarthLink Inc., Microsoft Corp., PGP Corp., StrongMail Systems Inc., VeriSign Inc. and Sendmail Inc., have met for a year to create the new specifications for DKIM. It was first submitted to the IETF for consideration as a new e-mail standard to fight phishing and spam in July.
Second Part Of Artice Here
