Make our anti-spam tech the standard, say Yahoo! and Cisco

An anti-spam technology that focuses on identifying forged email addresses has been proposed as a standard by Cisco Systems, Yahoo! and partners.

The companies, along with software makers Sendmail and PGP, submitted their DomainKeys Identified Mail (DKIM) specification to the Internet Engineering Task Force (IETF) this weekend. The IETF, a standards setting body, is expected to start discussing the technology during its meeting at the end of July in Paris, a Yahoo! representative said on Monday.

With DKIM, which relies on public key cryptography, a digital signature is attached to outgoing email so recipients can verify that the message comes from its claimed source. The idea is to make it easier to eliminate spam or phishing emails with spoofed addresses by marking out legitimate messages. The specification merges two earlier proposals, Yahoo!'s DomainKeys technology and Cisco's Internet Identified Mail system.

Miles Libbey, an anti-spam product manager at Yahoo! Mail, said: "This is a big milestone for us and the email authentication world. This submission to the IETF represents collaboration between a lot of players in the email authentication world." Other companies involved include Alt-N Technologies, AOL, EarthLink, IBM, Microsoft and VeriSign, Yahoo! said.

Standardisation of a technology is important for its acceptance. Non-standard technology is not likely to be implemented in products or adopted by users. The IETF is likely to establish a working group to further debate DKIM, the Yahoo! representative said.

The specification calls for email domain owners to create a pair of public and private cryptographic keys. The public key is published in the Domain Name System record, while the private key is stored on a DKIM-enabled mail server. Each outgoing message is then signed, with the signature stored in the email header.

On the receiving end, a DKIM-enabled mail server extracts the signature and uses the public key to verify that the signature was generated by the sending domain.

The announcement of the IETF submission comes a day before the start of the Email Authentication Implementation Summit 2005 in New York, where experts will discuss email security technology and encourage its adoption.

At the event, attention is likely to turn to another email security technology, Sender ID, which has Microsoft as its main backer. The Sender ID specification is making its way through the standards process.

Sender ID and DKIM have similar goals: to improve the security and reliability of email and to stop the tide of spam, phishing and email fraud. The technologies can work side by side, Yahoo! said.

Yahoo! first submitted DomainKeys to IETF last March. The new submission is for the merged technology with Cisco. The partners now have some real-world examples of DKIM at work, according to the Yahoo! representative.

Joris Evers writes for CNET News.com