I like the idea of the new DKIM approach to sorting mail. I think it will definitely help out in sorting legitimate email from fraudulent ones. DKIM takes the step of actually identifying the sender not by their IP, but instead by their domain. This should have more of an impact, especially when dealing malware-sticky sites such as those with the .info extension. Even in that case though, with the new legislatures being passed, the .info extensions are going to be more expensive to purchase. So all in all, things are looking up in the fight against spam and phishing attacks.

Specifications for a new e-mail authentication tool to help fight against phishing and spam were published yesterday by the Internet Engineering Task Force (IETF), opening the way for software vendors and e-mail service providers to find better ways to protect e-mail recipients.

The specifications were announced for DomainKeys Identified Mail (DKIM), a new technology that combines several existing antiphishing and antispam methods to create an improved way to sort and identify legitimate e-mail. The specifications provide details that independent software vendors and e-mail service providers can use to build the protections into their products and services immediately.

Instead of using a traditional IP address to identify the sender of each message, DKIM adds a digital signature associated with the organization’s domain name. That signature is then validated invisibly at the recipient’s end. “White lists” and “black lists” are then used by the e-mail infrastructure software to validate the reputation of the sender.[more]

Tags: Good on the Net