Posted: 25th May, 2007 By: MarkJ
The Internet Engineering Task Force (IETF) has accepted a draft standard for the
DomainKeys Identified Mail (DKIM) system, which provides a method for validating an identity that is associated with an e-mail message.
Typically a considerable bulk of SPAM e-mails 'spoof' their senders identity with that of another address, which is why junk can sometimes appear to come from the Pope or perhaps your own address:
Although 90 to 99% of e-mail comes from senders known to the recipient, establishing the identity of a sender remains a key consideration in the protection against spam.
Spammers get away with sending spoofed e-mails because mail servers only check if a domain mentioned in these spoofed addresses - such as @madeupmailname.com - is known to be used by spammers.
DKIM lets honest e-mail senders prove they sent a message by encrypting a two-part signature, or key, in a selected part of the mail.
There have been similar technologies in the past, although most are of limited use and others can be obtrusive. The new system will require both the sender and recipient to be signed up with DKIM, however this is likely to be a task performed by the e-mail servers admin.
It may not be perfect and could still be abused in other ways, but that doesn't mean to say it won't be an improvement. So, will UK ISP's adopt it? More @
BBC News Online.