Technology news and Jobs 
Information Technology News Spammers, phishers threatened by DKIM standard
Information Technology News Spammers, phishers threatened by DKIM standard | Spammers, phishers threatened by DKIM standard |
|
| by Stephen Withers | |
| Thursday, 24 May 2007 | |
  
Featured Whitepaper
5 Best Practices for Smartphone Support
How does this stop spam, phishing and other forms of bogus email? It doesn't prevent them being sent, but it will interfere with their delivery - but only when so many legitimate mail servers have implemented DKIM that people are prepared to accept that messages failing DKIM checks will not be delivered. Currently, email servers and clients take the information contained in messages at face value - if an email purports to come from example.com, that's the end of the story. But with DKIM, a message sent by (say) a PC that has been recruited into a botnet might claim to be from example.com, but the signature won't pass examination and so the message can be ignored. Spammers could send DKIM messages, but they would have to use their own domains, or accounts on bona fide mail servers. This could result in spam blacklists and whitelists becoming more reliable and less likely to interfere with legitimate traffic. However, the ease and low cost of registering a global domain name (eg in the .com space) could lead serious spammers to treat domains as disposable. If it costs less than $US10 to register a domain that's used to send tens of million messages in a few days, the economics of spam are hardly disturbed. That said, once spam filters decide a particular domain is spammy, further messages can be easily blocked with little risk of interrupting genuine messages (as can happen when sending domain names are spoofed). If a phisher chose to apply DKIM to outgoing messages in order to get messages past these barriers, it would be much more apparent to the recipient that the message was bogus - assuming it gets that far. Mail server administrators and spam filtering providers could block all unsigned messages purporting to come from financial institutions known to use DKIM. DKIM is derived from earlier projects: Yahoo's Domain Keys and Cisco's Identified Internet Mail. PGP and Sendmail also contributed to the draft standard. One possible obstacle to widespread adoption is that Microsoft has an alternative proposal called Sender ID. The good news is that it has been involved in the development of DKIM along with AOL, EarthLink, IBM, VeriSign and others, "[I]ndustry support for sender authentication technologies will mean that [consumers] can start trusting email again, and it can resume its role as one of the most powerful communication tools of our times," said Yahoo officials.{moscomment} |
Tags
| < Next story in category | Previous story in the category > |
|---|
