New antiphishing, antispam specifications unveiled

Yahoo-, Cisco- launched project combines existing methods to sort and identify legitimate e-mail

Specifications for a new e-mail authentication tool to help fight against phishing and spam were published yesterday by the Internet Engineering Task Force (IETF), opening the way for software vendors and e-mail service providers to find better ways to protect e-mail recipients.

The specifications were announced for DomainKeys Identified Mail (DKIM), a new technology that combines several existing antiphishing and antispam methods to create an improved way to sort and identify legitimate e-mail. The specifications provide details that independent software vendors and e-mail service providers can use to build the protections into their products and services immediately.

Instead of using a traditional IP address to identify the sender of each message, DKIM adds a digital signature associated with the organization's domain name. That signature is then validated invisibly at the recipient's end. "White lists" and "black lists" are then used by the e-mail infrastructure software to validate the reputation of the sender.

"Domain names are far more stable than IP addresses," said Dave Crocker, an IT consultant and contributor to the DKIM project. "Domain names align with an organization far better than an IP address."

Because it incorporates a digital signature, "it allows a piece of e-mail to be identified definitively as somebody's," rather than as an e-mail coming from an IP address that could used by multiple people or a spam bot," he said. "It's a step along the way to regaining trust in e-mail," Crocker added.

The core technologies used in DKIM have been around for years, he said. "We're taking existing pieces and using them together in new ways."

DomainKeys is a project begun several years ago by Yahoo as a way to fight phishing and spam; the Identified Internet Mail project was begun by Cisco Systems.

The DomainKeys project was particularly innovative because it specified the use of domain names rather than IP addresses to authenticate senders, Crocker said. DomainKeys also used the existing Domain Name System (DNS) to transmit the public keys needed for encryption, rather than adding yet another infrastructure layer.

An informal consortium of about a dozen IT vendors and organizations, including Yahoo, Cisco, EarthLink, Microsoft, PGP, StrongMail Systems, VeriSign and Sendmail, have met for a year to create the new specifications for DKIM. It was first submitted to the IETF for consideration as a new e-mail standard to fight phishing and spam in July 2005.

To make it work, DKIM now has to be adopted and incorporated by independent software vendors into their e-mail applications and related infrastructures. Paul Hoffman, a director at the Domain Assurance Council, a trade association for the domain reputation industry, said he believes that e-mail service providers such as Yahoo and Google will lead the way.

"You're going to see a bunch of adoption from the receivers within the next six months, and that will spur the senders," Hoffman said. "Once the receivers are saying there's a higher chance you're going to get white-listed, the senders are going to say, 'Great, sign me up.'

"As far as we can, tell all the major [e-mail services] are very interested implementing it," he said. "We believe from what they've said that all of them are going to include DKIM fairly high in the list of white-listing technologies."

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Show Comments

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?