Yahoo and Cisco put anti-spam standard forward

• Tags:
• Anti-spam,
• IETF,
• DKIM,
• SenderID

Joris Evers CNET News

Published: 12 Jul 2005 10:00 BST

• 
• 
• 
• 
• 

An anti-spam technology that focuses on identifying forged email addresses has been proposed as a standard by Cisco, Yahoo and partners.

The companies, along with software makers Sendmail and PGP, submitted their DomainKeys Identified Mail specification to the Internet Engineering Task Force this weekend. The IETF is expected to start discussing the technology during its meeting at the end of July in Paris, a Yahoo representative said on Monday.

With DKIM, which relies on public key cryptography, a digital signature is attached to outgoing email so recipients can verify that the message comes from its claimed source. The idea is to make it easier to eliminate spam or phishing emails with spoofed addresses by marking out legitimate messages. The specification merges two earlier proposals, Yahoo's DomainKeys technology and Cisco's Internet Identified Mail system.

"This is a big milestone for us and the email authentication world," said Miles Libbey, an anti-spam product manager at Yahoo Mail. "This submission to the IETF represents collaboration between a lot of players in the email authentication world." Other companies involved include Alt-N Technologies, AOL, EarthLink, IBM, Microsoft and VeriSign, Yahoo said.

Standardisation of a technology is important for its acceptance. Non-standard technology is not likely to be implemented in products or adopted by users. The IETF is likely to establish a working group to further debate DKIM, the Yahoo representative said.

The specification calls for email domain owners to create a pair of public and private cryptographic keys. The public key is published in the DNS record, while the private key is stored on a DKIM-enabled mail server. Each outgoing message is then signed, with the signature stored in the email header.

On the receiving end, a DKIM-enabled mail server extracts the signature and uses the public key to verify that the signature was generated by the sending domain.

The announcement of the IETF submission comes a day before the start in New York of the Email Authentication Implementation Summit 2005, where experts will discuss email security technology and encourage its adoption.

At the event, attention is likely to turn to another email security technology, Sender ID, which has Microsoft as its main backer. The Sender ID specification is making its way through the standards process.

Sender ID and DKIM have similar goals: to improve the security and reliability of email and to stop the tide of spam, phishing and email fraud. The technologies can work side by side, Yahoo said.

Yahoo first submitted DomainKeys to IETF last March. The new submission is for the merged technology with Cisco. The partners now have some real-world examples of DKIM at work, the Yahoo representative said.

• 
• 
• 
• 

• Share this article:
• Digg
• Slashdot
• Del.ici.ous
• Stumble
• Reddit

• Most Recent
• Most Popular
• Most Discussed