IETF accepts DKIM specification as proposed standard
Email authentication system moves to approval stage.
The Internet Engineering Task Force (IETF), the body overseeing the technical running of the Internet, has accepted
a new system for identifying and validating legitimate email into the final stages of approval as an Internet RFC
standards document.
DomainKeys Identified Mail (DKIM) is a proposed system to apply cryptographic PKI-based signatures to outgoing mail,
which could be validated by the recipient system to ensure that spoofed mail claiming to be sent from a recognised
source is easily spotted and filtered out, with the aim of reducing spam and in particular phishing.
The system evolved from earlier ideas developed by Yahoo! and Cisco, and has been under discussion
for some time, with representatives from IBM and MIT involved in the working group overseeing
the project, and further input from many important players in the email and authentication spheres,
including AOL, Earthlink, Microsoft, PGP Corporation, Sendmail and
Verisign.
The group has spent two years developing requirements documents and specifications for the system. The approval by
the IETF passes the specification through to the 'proposed standard' phase, which puts the idea forward to a
wider group of experts for honing and approval, and will move up to the 'draft standard' phase before final
approval and implementation. The open-standard system relies on widespread take-up to be fully effective, and
operates at a higher level than authentication systems already in place, including Microsoft's own
Sender-ID system.
The DKIM main site, with more detail on the standard and its development process, is here, and the full current
DKIM RFC, RFC 4781, is here. Some comment on the latest step in the approval process from a Yahoo! blogger can be
found here, and an overview at Silicon.com is here.
23 May 2007
Tags:
ietf, spam, standards.