The Word on E-mail Authentication

In a step that should help slash the volume of unwanted and pernicious e-mail, a group developing technical specs for the e-mail authentication standard DKIM (Domain Keys Identified Mail), has just completed a major portion of its work.

According to Dave Croker, a member of the Mutual Internet Practices Association (MIPA), the group put the finishing touches on technical specifications for DKIM in Montreal last week, paving the way for the Internet Engineering Task Force (IETF) approval of the spec.

The IETF is withholding its approval of the spec until the MIPA completes an in-depth threat analysis and resolves issues that process had identified.

“The core work is just about done,” Croker told internetnews.com. “What we’ve got now is a stable spec.”

Although DKIM is already in widespread use, completing it means “the community can be on the same page in terms of what DKIM is and is not doing,” said Croker.

According to proponents, the newly defined DKIM is especially useful because the cryptographic signature it defines will hold up well under challenging conditions, such as when a spammer tries to trick recipients by using forwards.

“DKIM will survive hops like forwarding — other systems will not maintain integrity,” explained Audian Paxson, another MIPA member.

“The cryptographic signing has a better chance [than competing standards] of retaining its integrity before it reaches the end user.”

Another widely used standard for e-mail authentication is Microsoft’s Sender ID. But many in the industry have resisted it because Microsoft insists on maintaining patent ownership rights.

Full article: internetnews.com