Spam Relief on the Horizon

May 24, 2007: A new anti-spam technique has emerged in the arms race between email criminals and security firms, and after being given a green light from the Internet Engineering Task Force standards body, the system looks like it could be quite effective at stopping unwanted and risky email.

Called DomainKeys Identified Mail and backed by the likes of Yahoo!, Cisco and PGP Corp, the system uses cryptographically secured digital signatures to “sign” an outgoing email inside its headers.

When an email is received, the signature is checked against the company’s Internet domain name listing for validity. If not verified, a provider can opt to have the email marked as junk.

The system must be installed on both ends for it to work correctly, but in the longer term it could prove highly effective for large organisations and mail providers, particularly banks and other financial institutions whose customers are routinely targeted by phishers.

DomainKeys is an open standard and has so far been accepted as a draft standard by the Internet Engineering Task Force, whether or not it becomes effective now depends on its widespread adoption.

Comment on this story