IETF accepts DKIM specification as proposed standard

Posted by   Virus Bulletin on   May 23, 2007

Email authentication system moves to approval stage.

The Internet Engineering Task Force (IETF), the body overseeing the technical running of the Internet, has accepted a new system for identifying and validating legitimate email into the final stages of approval as an Internet RFC standards document.

DomainKeys Identified Mail (DKIM) is a proposed system to apply cryptographic PKI-based signatures to outgoing mail, which could be validated by the recipient system to ensure that spoofed mail claiming to be sent from a recognised source is easily spotted and filtered out, with the aim of reducing spam and in particular phishing.

The system evolved from earlier ideas developed by Yahoo! and Cisco, and has been under discussion for some time, with representatives from IBM and MIT university involved in the working group overseeing the project, and further input from many important players in the email and authentication spheres, including AOL, Earthlink, Microsoft, PGP Corporation, Sendmail and Verisign.

The group has spent two years developing requirements documents and specifications for the system. The approval by the IETF passes the specification through to the 'proposed standard' phase, which puts the idea forward to a wider group of experts for honing and approval, and will move up to the 'draft standard' phase before final approval and implementation. The open-standard system relies on widespread takeup to be fully effective, and operates at a higher level than authentication systems already in place, including Microsoft's own Sender-ID system.

The DKIM main site, with more detail on the standard and its development process, is here, and the full current DKIM RFC, RFC 4781, is here. Some comment on the latest step in the approval process from a Yahoo! blogger can be found here, and an overview at Silicon.com is here.

Posted on 23 May 2007 by Virus Bulletin

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VBSpam tests to be executed under the AMTSO framework

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.