First though, if you don't know what Domain Keys is, as it applies to email, here's the definition:
An e-mail authentication method that computes a digital signature which is added to the message header. The receiving mail server obtains the sender's public key from the DNS system to validate the signature. In 2004, Yahoo! began to sign all outgoing mail with DomainKeys headers.Now... in the face of this large-scale implementation from Google, eBay and PayPal (the most phished brands on the Internet) it would almost seem obvious that this system should have been put in place years ago - at it is clearly proving to be worth the effort. False-positive rates are zero (is it even possible to fake a digital signature?), email SPAM/Phishing traffic is cut by a large chunk - so we ask ourselves... why isn't everyone doing it?
Yahoo! and Cisco = DomainKeys Identified Mail
Yahoo!'s DomainKeys was combined with Cisco's Identified Internet Mail system, which maintains signature consistency, to become DomainKeys Identified Mail (DKIM). DKIM is backward compatible with the DomainKeys system. See e-mail authentication and digital signature.
Much like DNSSEC (DNS Secured) it's simply a matter of implementation on a large scale, and the added overhead from the security verification operations. But I would say this to those who are thinking about implementation... there are two sides to this operation. The side that signs it (the verified sender) and the side that reads it and throws away/rejects the non-signed emails (receiver/email host). Obviously, in order to make this all happen large-scale email hosting providers (such as ComCast, Verizon, SBC/AT&T, and the like) would have to turn on filtering for messages that are non-signed. Interesting.
Here's how this works in real-life...
- Company A decides it's sick of its users being phished, and implements DomainKeys/DK
- Company A then has to contact all email hosting providers that their users primarily use (that it's practical to reach) and alerts them to only accept signed (authenticated) emails
- Email hosts start to filter and throw away phishing/spam email
So while we try and solve the SPAM/phishing debacle, DomainKeys (and GMail and Yahoo! Mail) take us one step closer...
...discuss.
No comments:
Post a Comment