Domain Keys and DKIM
DomainKeys is an open source technology to protect both email senders
and e-mail users. It is a means of authenticating the e-mail message
did originate from the sender. More than 40% of inbound traffic
to Yahoo Mail is using DomainKeys [ more than 1 billion messages
DKIM is the successor of DomainKeys. Mail senders [private companies
and e-mail service providers], are adopting one or both technologies
DKIM is a simple technology, implemented by senders for free using
a software plug in. However, the software is only one part of the
program. It takes time for the business to understand who is sending
e-mail on a company's behalf.
Within 18 months, all of the top financial institutions will use
For Senders - The benefit for senders is that
they can more easily manage their outbound e-mail traffic.
For Receivers - Maintain a list of domains that
are meaningful rather than IP addresses which are irrelevant.
For instance, Yahoo has an arrangement with PayPal where they
reject e-mail that supposedly comes from PayPal or eBay but isn't
signed. They are working with senders and third-party e-mail service
providers to make this a scalable solution. Time is required to
gain confidence with DKIM on both sides [before you can start rejecting
Using e-mail authentication based on DomainKeys and DKIM allows
receivers to clearly determine if the e-mail came from the source.
ISPs can either block unsigned e-mail for companies that use DKIM,
or send it through more filtering.
Expected Impact of DKIM on Phishing
DKIM is past tipping point, with small email list senders using
it. It is easy to start in a controlled manner, before you reach
the point of signing 100% of your mail. There are tremendous benefits
if you are only signing 10% of your mail. Those 10% of messages
are clearly documented as to where they are coming from, and they
will get privileges in the in-boxes of Yahoo Mail users.
With DomainKeys released to open source and on the IETF standards
track, e-mail authentication may become more widely accepted. Being
close to critical mass ISPs like Yahoo and others will start taking
action around it with priority routing decisions to help reduce
spam, phishing and fraudulent e-mail.
Microsofts Approach to DKIM
Microsoft has introduced a technology that works in a messier
way. (More on the Microsoft vs. Yahoo approaches.) The Microsoft's
Sender ID framework relies on a message coming directly from one
IP address to the receiver without any other hops in between. If
the message has been forwarded, Sender ID doesn't work. With DKIM
it doesn't matter how many hops a message has come through, we can
still confer privileges upon it.
Between Yahoo and Microsoft Solutions
Whilst this is a great start to resolving email spam and phishing
problems, the solution is far from robust at this stage. Comments
posted online claim that DKIM-signed authentic Phishing email has
been orignating from Yahoo's own servers every day for over TWO
Back To Top
Free Tools Index | IM
Process | Affiliate Tools | Widgets
| Product Launch | DomainKeys