Slashdot Mirror


Bye Bye Spam and Phishing with DKIM?

ppadala writes "While research from PEW Internet (PDF) shows that few users really are bothered by spam, IETF is supporting a public key cryptographic based e-mail authentication mechanism called DomainKeys Identified Mail (DKIM) Signatures. The new spec is supposed to help in fighting both spam and fraud. From Ars Technica: 'DKIM's precursor, DomainKeys, was originally developed by Yahoo. The specifications for DKIM were then extended by an informal group of IT organizations that included companies like Yahoo, Cisco, EarthLink, Microsoft, and VeriSign, among others. It was first submitted by the group to the IETF in mid-2005, but only recently published by the IETF. The spec is still to be incorporated into a more formal draft and submitted for approval, however.'"

3 of 134 comments

  1. yahoo press release by Ramses0 · Score: 3, Informative
  2. Re:few users by WrongSizeGlass · Score: 5, Informative

    Ditto.
    The ISP of one of my clients just turned on 'greylisting' and their mail volume dropped 71%, knocking their spam % down to 11% of their new volume.

    They would rather spend the budget on stopping spam rather than upgrading their servers. It's that big of a problem.

    DKIM will help (until fake 'certificates' show up) but it won't solve the problem. Only flame-throwers, and lots of them, will fix this once and for all.

  3. Re:Sooooo close... but not going to work. by MightyMartian · Score: 3, Informative

    You've come close to what I arrived at in the last few months of my job working for an ISP, that all these kludgy attempts to beef up SMTP would always be fatally flawed unless we (and by that I mean Joe Average and admins) were prepared for inconveniences. That means putting an end to straight-out forwarding, because that pretty much busts everything without the major overhead of rewriting the headers. It means locking down the servers themselves and not expecting some "good neighbor" protocol to somehow magically take care of the problem. As someone else has pointed out, how is DomainKeys any different than PGP signing, which has been around for two decades now? Even if we went to DomainKeys or PGP, it still wouldn't stop all those zombies out there from happily sending signed spam. It means that distributed dictionary attacks would have to come in with a legitimate address from the source network, but I doubt the spammers are going to give a damn about that.

    The problem with spam is that it isn't just an email problem. If it was, then we'd all have had this beat a long time ago.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.