The Internet Engineering Task Force has granted preliminary approval to the DomainKeys Identified Mail (DKIM).
The industry standard promises to curb spam email by preventing spammers spoofing, the practice of forging the sender's email address to make it appear like the message originated from a reputable company instead of some shady offshore spammer.
DomainKeys attaches an encrypted digital signature unique to the sender to each e-mail message when it is sent. A message where the sender's address doesn't match the signature can be discarded as spam.
The technology was www.vnunet.comby Yahoo and Cisco and is supported by major email players including IBM, Microsoft, Earthlink, and Google. The support of those email providers allows the majority of the world's email accounts to benefit from the DomainKeys.
"For nearly 20 years, the bad guys have had an easy way to hide," Yahoo engineer Mark Delany said in an posting for a company blog.
"But now, with widespread adoption of DKIM, we can correct that imbalance."
Some industry analysts, however, are sceptical of just how much the DKIM standard will help in the fight against spam and phishing.
Even though DomainKeys has been implemented by the large email providers, Fred Cohen with security consulting firm Fred Cohen and Associates cautioned that it would require much wider adoption to make a dent in spam volumes.
"Unless you want to not receive email from everybody who hasn't adopted it, it is not going to help much," Cohen told vnunet.com
He suggested that it's not a technological breakthrough that will stem the tide of spam and phishing, but consumer behaviour making the practice unprofitable.
"There are certain things about the nature of email that cause it to be what it is," he said.
"The economic benefits of spam will not be changed by this or any of the other schemes."
DomainKeys is just one of several proposed anti spam standards.
Microsoft is also backing its own www.vnunet.com spam standard. It requires domain name owners to publish a list of IP addresses that it uses to send email. Because it is considered nearly impossible to spoof an IP address, a mismatch in the sender's domain and IP address can be considered a tell-tale sign that a message is spam.
The technology however has to gather industry support, in part because it is covered by several patents owned by Microsoft. The software vendor has provided a royalty free license to the technology to both proprietary and open source projects to overcome those hurdles.
AOL last year started offering a programme that offered through its spam filters at a fee. The program drew sharp criticism from free speech activists because it creates a two-tier system that discriminates against not-for-profits and individual activists.
Anti-spam reaches standard status
By Shaun Nichols on May 24, 2007 11:35AM