Yahoo, Cisco Team on E-Mail Authentication

By Matthew Hicks  |  Posted 2005-06-01 Print this article Print

The companies announce work on a cryptographic authentication method that combines Yahoo's DomainKeys and Cisco's Identified Internet Mail specifications.

SAN JOSE, Calif.—Yahoo and Cisco have joined forces to promote a cryptographic approach for authenticating e-mail in the battle against fraud and spam. The two companies announced Wednesday that they are combining their two separate authentication proposals into a new specification called DomainKeys Identified Mail, or DKIM, and are planning to propose it as a Web standard. Yahoo Inc. has been rallying around an approach it calls DomainKeys since late 2003, while Cisco Systems Inc. a year ago developed a authentication technology called Internet Identified Mail.
Both use public key cryptography in an attempt to verify the sender of an e-mail to combat the fraud used in phishing attacks and spam.
The merged specification, which has yet to be finalized, will combine DomainKeys method of verifying a sender at the level of the Internets DNS (Domain Name System) with the Identified Internet Mail specifications approach for maintaining the consistency of header signatures in messages as they transverse networks, said officials with the companies. "Conceptually the two [specifications] are very similar," said Miles Libbey, anti-spam product manager for Yahoo Mail. "Both in their standalone versions had the ability to prevent forgery. By taking the best of both of them, we hope it increases those strengths." Online attackers regularly send unsolicited e-mails and lure consumers into clicking malicious links or providing personal information by disguising their e-mail addresses with the domains of major consumer companies. Read more here about the rise of crypto techniques for e-mail authentication. Ciscos specification has been less visible in the industry than DomainKeys and a Microsoft Corp.-based authentication approach called Sender ID, according to analysts. Yahoos DomainKeys, in particular, has begun gaining adoption among e-mail and Internet service providers. Yahoo Mail, the largest Web-based e-mail service, started supporting DomainKeys authentication late last year. Other backers include EarthLink Inc. and Google Inc.s Gmail service. By collaborating on the merged specification, Yahoo and Cisco should be able to create more interest in the DKIM approach, said Richi Jennings, an analyst at San Francisco-based Ferris Research. "Its very good from the perspective that now there are only two and a half e-mail authentication schemes to think about rather than three and a half," Jennings said, who was counting the earlier merger of Sender ID with an approach called SPF (Sender Policy Framework) as slightly more than a single specification. Yahoo and Cisco also are moving to make DKIM into a Web standard. The authors of the specification are working to submit a final specification to the Internet Engineering Task Force in time for the standards bodys meeting in Paris, which opens on July 31, said Jim Fenton, a distinguished engineer at Cisco.

standards effort largely collapsed in September. Among the problems were concerns that Microsoft Corp. patents could potentially cover parts of the specification, and open-source objections to licensing requirements. Read more here about the industrys reaction to MARIDs collapse. In their announcement, Yahoo and Cisco vowed to offer the merged DomainKeys and Identified Internet Mail specification to the industry at large and without seeking royalties. The license for DKIM will be similar to the DomainKeys license, Libbey said. "The whole point of this is to gain industry adoption, so it is important to make sure the license is available to the entire industry," Libbey said. Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.

Matthew Hicks As an online reporter for, Matt Hicks covers the fast-changing developments in Internet technologies. His coverage includes the growing field of Web conferencing software and services. With eight years as a business and technology journalist, Matt has gained insight into the market strategies of IT vendors as well as the needs of enterprise IT managers. He joined Ziff Davis in 1999 as a staff writer for the former Strategies section of eWEEK, where he wrote in-depth features about corporate strategies for e-business and enterprise software. In 2002, he moved to the News department at the magazine as a senior writer specializing in coverage of database software and enterprise networking. Later that year Matt started a yearlong fellowship in Washington, DC, after being awarded an American Political Science Association Congressional Fellowship for Journalist. As a fellow, he spent nine months working on policy issues, including technology policy, in for a Member of the U.S. House of Representatives. He rejoined Ziff Davis in August 2003 as a reporter dedicated to online coverage for Along with Web conferencing, he follows search engines, Web browsers, speech technology and the Internet domain-naming system.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel