Email authentication standard approved

25 May 2007

The Internet Engineering Task Force (IETF), the official group in charge of web standards that represents industry leaders like Yahoo! and Cisco, has approved a new email standard that will help prevent spam and phishing.

Domain Keys Identified Mail (DKIM) is an authentication method that validates an identity associated with an email message, using cryptographic signature technology.

According to the Anti-Phishing Working Group, 24,000 phishing cons were reported in the US in February of this year alone.

From those reported scams, it was found that over 100 well-known brands were forged to carry out some of the phishing.

The DKIM standard, if implemented, will help both internet service providers (ISPs) and consumers to determine if the emails they receive come from a valid domain.

Mark Delany, head architect for Yahoo! Mail, said: “We are gratified that the core DKIM technology, which Yahoo! first introduced in 2003, has evolved to reach this milestone through the IETF process, and that DKIM is positioned to become the pre-eminent standard for email authentication.

“We currently see about a billion DomainKeys signed emails flow through Yahoo! Mail each day and we look forward to continued momentum as more senders adopt the new email authentication standard.”

Domain Keys is not the only way to validate a domain name: Sender Policy Framework (SPF), Certified Server Validation (CVS), and SenderID also perform this function.

Currently, there is no one standard for email encryption, authentication or certification. However, MOSS, PEM, PGP, PGP/MIME and S/MIME are the most common forms.

Microsoft Outlook, for example, uses the S/MIME version 3 standard.

By Marie Boran