eMail authentication standard emerges
Yahoo and Cisco Systems will submit their email authentication specification, DomainKeys Identified Mail (DKIM), to the Internet Engineering Task Force (IETF) to be considered as an industry standard.
Discussions will begin at the IETF meeting in Paris between July 31 and August 5, Yahoo and Cisco officials said.
DKIM combines Yahoo’s DomainKeys and Cisco’s Internet Identified Mail, two email authentication technologies developed separately, which the companies announced in June they would combine with the intention of licensing the resulting specification royalty-free throughout the industry.
Spoiler for spoofers
DKIM is designed to give email providers a mechanism to verify the origin of email messages and to combat spoofing. Spammers use spoofing to change an email message’s header information to deceive recipients into believing the message was sent by a known and trusted personal acquaintance or a legitimate business, such as a bank or an online store.
Very often, spammers’ ultimate goal with spoofing is to trick recipients into revealing confidential information, such as social security numbers, bank account information and passwords, in scams often referred to as “phishing.”
Yahoo and Cisco are designing DKIM to be as compatible as possible with DomainKeys, so that migration to DKIM will be smooth for organizations that have already implemented DomainKeys, said Jim Fenton, distinguished engineer at Cisco.
“We have made a real effort to preserve the investment in infrastructure that people who have implemented DomainKeys have made,” Fenton said.
Cisco announced its Internet Identified Mail specification in June of last year, but it’s unpublished, so there have been only three prototype implementations made: an internal one at Cisco and two external ones, Fenton said.
The companies decided to combine their cryptographic technologies because they found them to be very similar and “we didn’t feel we needed to have two technologies that did the same thing,” Fenton said.
DomainKeys has been more widely tested and adopted, and Yahoo receives about 350 million email messages signed with it every day, said Miles Libbey, Yahoo’s antispam product manager.