E-Mail Authentication Spec Submitted to IETF

By Paul F. Roberts  |  Posted 2005-07-18

A group of leading technology firms that includes Microsoft Corp., IBM, Yahoo Inc. and Cisco Systems Inc. has submitted a new e-mail authentication standard to the Internet Engineering Task Force.

The specifications for DKIM (DomainKeys Identified Mail) were submitted to the IETF last week for consideration as a new e-mail authentication standard. DKIM has been in development since August and combines technology from Yahoo and Cisco. In addition to backing the new standard, the authoring companies plan to license it for free and may release it to the open-source community, sources say.

The DKIM standard will be available as an IETF Internet Draft through the organizations Web site in the near future, said Eric Allman, chief technology officer at Sendmail Inc., in Emeryville, Calif.

Allman is part of a core working group that created the DKIM specification. The group includes representatives from PGP Corp., Yahoo and Cisco. Discussions of DKIM will be part of the 63rd IETF meeting in Paris, which begins on July 31.

DKIM uses public-key cryptography to sign e-mail messages, allowing receiving domains to identify legitimate senders and weed out spam and phishing e-mail with spoofed addresses. The specification combines elements of Yahoos DomainKeys technology and Ciscos Identified Internet Mail technology. As with DomainKeys, e-mail domain owners will generate a public and private cryptographic key pair and then publish the public key in their DNS (Domain Name System) record. The private key is stored on their e-mail servers. Components of Ciscos Identified Internet Mail header-signing technology will be used to sign messages, said Miles Libbey, anti-spam product manager at Yahoo, in Sunnyvale, Calif.

E-mail administrators will have to install a software plug-in that supports DKIM on their mail servers, but the change will be easy to implement, especially for domain owners who have already set up DomainKeys, said Libbey.

Leading e-mail server makers such as Sendmail are pledging to release DKIM plug-ins for their products.

DKIM could become a widely accepted standard for securing e-mail communications and thwarting e-mail forgery and phishing attacks, said Jim Fenton, distinguished engineer at Cisco, in San Jose, Calif., and one of the authors of the new specification.

"A lot of people in the past have said the future is to put cryptographic signatures in messages. So were trying to present the future here. And we believe the future is now," Fenton said.

Fenton and Libbey acknowledged that unveiling the DKIM specification now could complicate matters because DKIM isnt ready for deployment, though it has been tested in three trial deployments by Sendmail and Cisco to shake out problems in the specifications, Fenton said.

Rocket Fuel