Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Spam Security

Bye Bye Spam and Phishing with DKIM? 134

Posted by Zonk from the teflon-for-your-mailbox dept.
ppadala writes "While research from PEW Internet (PDF) shows that few users really are bothered by spam, IETF is supporting a public key cryptographic based e-mail authentication mechanism called DomainKeys Identified Mail (DKIM) Signatures . The new spec is supposed to help in fighting both spam and fraud. From Ars Technica: 'DKIM's precursor, DomainKeys, was originally developed by Yahoo. The specifications for DKIM were then extended by an informal group of IT organizations that included companies like Yahoo, Cisco, EarthLink, Microsoft, and VeriSign, among others. It was first submitted by the group to the IETF in mid-2005, but only recently published by the IETF. The spec is still to be incorporated into a more formal draft and submitted for approval, however.'"
This discussion has been archived. No new comments can be posted.

Bye Bye Spam and Phishing with DKIM? More

Bye Bye Spam and Phishing with DKIM?

Comments Filter:

  • yahoo press release (Score:4, Informative)

    by Ramses0 ( 63476 ) on Thursday May 24, 2007 @06:48PM (#19261681)
    http://yodel.yahoo.com/2007/05/22/one-small-step-f or-email-one-giant-leap-for-internet-safety/ [yahoo.com]

    It also has some nice background information on DKIM.

    --Robert

  • Re:few users (Score:5, Informative)

    by WrongSizeGlass ( 838941 ) on Thursday May 24, 2007 @07:09PM (#19261999)
    Ditto.
    The ISP of one of my clients just turned on 'greylisting' and their mail volume dropped 71%, knocking their spam % down to 11% of their new volume.

    They would rather spend the budget on stopping spam rather than upgrading their servers. It's that big of a problem.

    DKIM will help (until fake 'certificates' show up) but it won't solve the problem. Only flame-throwers, and lots of them, will fix this once and for all.

  • Re:Sooooo close... but not going to work. (Score:4, Informative)

    by MightyMartian ( 840721 ) on Thursday May 24, 2007 @07:16PM (#19262103) Journal
    You've come close to what I arrived at in the last few months of my job working for an ISP, that all these kludgy attempts to beef up SMTP would always be fatally flawed unless we (and by that I mean Joe Average and admins) was prepared for inconveniences. That means putting an end to straight-out forwarding, because that pretty much busts everything without the major overhead of rewriting the headers. It means locking down the servers themselves and not expecting some "good neighbor" protocol to somehow magically take care of the problem. As someone else has pointed out, how is DomainKeys any different than PGP signing, which has been around for two decades now. Even if we went to DomainKeys or PGP, it still wouldn't stop all those zombies out there from happily sending signed spam. It means that distributed dictionary attacks would have to come in with a legitimate address from the source network, but I doubt the spammers are going to give a damn about that.

    The problem with spam is that it isn't just an email problem. If it was, then we'd all have had this beat a long time ago.

  • Why would you mod this down? (Score:1, Informative)

    by Anonymous Coward on Thursday May 24, 2007 @07:25PM (#19262243)
    Why is this modded redundant? It was posted earlier than the one above that was modded funny.

  • My solution... (Score:1, Informative)

    by Anonymous Coward on Thursday May 24, 2007 @07:28PM (#19262289)
    click [mailto]

  • Re:I am trying DKIM (Score:1, Informative)

    by Anonymous Coward on Thursday May 24, 2007 @10:18PM (#19264137)
    1) There's still no way of saying "my domain always signs email with DKIM, so no signature means forged mail". At least I couldn't figure it out.

    Basically you omit the t=y dns entry and specify o=-, but because of the relative immaturity of the standard, it might be ignored.

    2) Mailing lists add a footer which messes with the signature.

    It really depends at what stage you add the footer. The intent of DKIM is to verify at the MTA level, so if you can check the signature before you change the message content, DKIM is still worthwhile.

    As a consequence DKIM at the moment is completely useless since even though all my emails are signed, spammers/phishers can simply not put the DKIM signature and DKIM wouldn't know if the email was forged or not.

    Much of the spam I encounter is from forged Hotmail (SPF/SenderID), Yahoo (DomainKeys) and GMail (SPF/Domainkeys/DKIM) accounts and implementing these systems help to control, or at least identify the source of the spam. It also helps in preventing spammers from abusing your domain because almost all free webmail providers implement at least one of these standards, and your messages are less likely to end up classified as junk.

Slashdot Top Deals

The Tao is like a glob pattern: used but never used up. It is like the extern void: filled with infinite possibilities.

Close