2005/07/12

Industry giants get tough on spam - vnunet.com

Industry giants get tough on spam - vnunet.com

There's another anti-spam standard being submitted to the IETF (Internet Engineering Task Force) called Domain Keys Identified Mail (DKIM). It's been developed by Yahoo (who developed DomainKeys) and Cisco Systems' Identified Internet Mail, though other companies are contributing to the standard such as Alt-N Technologies, America Online, EarthLink, IBM, Microsoft and VeriSign.

If adopted by the IETF the technology will be available free of charge (and more probably free of license restrictions).

DKIM uses a public key infrastructure such that each Email is signed (usually by the ISP mailserver, though it can be done by the Email client) with a private key, and when it's received by the recipient (or more likely their ISP's mailserver) it can check the authenticity of signature by checking with the public key for that Email domain (which is made freely available).

SPAMmers wouldn't be able to forge the private key for another domain, so it would reduce the ammount of forged Email pertaining to come from real addresses. They could use their own domains, but these would rapidly be found to be SPAM sources and blocked by normal means.

Microsoft already has a technology that performs differently but would also reduce forgeries (caller ID for Email, now Sender ID) but they refused to drop licensing restrictions on it, though they are implementing on Hotmail and MSN (for outgoing Email) and any inbound Email without SenderID will be marked as SPAM sometime late this year.

Another technology, Sender Policy Framework is also availble and is freely licensed. Unfortunately it's not been widely adopted and has issues will mail forwarding services.

Maybe DKIM is the answer and will be adopted by tthe IETF.

No comments: