Does DomainKeys Identified Mail have what it takes to stop spam?


Watch out, spammers... DomainKeys Identified Mail has received preliminary approval from the Internet Engineering Task Force, and it is powerful enough to mess up your plans to destroy the world -- or at least detect and block your pesky unsolicited junk e-mail. Read the details in this CNET Networks' News.com story: "Promising antispam technique gets nod."

Here's the lowdown:

What's new:

A key Internet standards body gives preliminary approval to a powerful technology designed to detect and block fake e-mail messages.

Bottom line:

The technology is more promising than most other antispam and antiphishing technologies because it harnesses the power of cryptographically secure digital signatures to thwart online miscreants.

For more information about this story, check out these other news sources:

Sure, DomainKeys Identified Mail is Yahoo's original DomainKeys concept on steroids, but does it have what it takes to truly put an end -- once and for all -- to spam and phishing attacks? Join the discussion.


About

Sonja Thompson has worked for TechRepublic since October of 1999. She is currently a Senior Editor and the host of the Smartphones and Tablets blogs.

7 comments
Deadly Ernest

This will have no effect on the majority of spam as it doesn't address the problem of Zombies (hope I got the term right) where someone hits you with a program to use your PC to send the spam. It doesn't address someone getting an account with Yahoo, Gmail, Hotmail or any other such service and pounding the world with spam from their servers. All it does is slow down the easily identified phishers and cause the spammers about an extra 10 minutes work per day.

At the moment lots of people have problems with similar style services like sorbs where they note the IP of a server sending spam and kill all access from that server. Such great service sees people like Gmail and Yahoo blocked at the domain level on a regular basis. I'm still trying to send a person a requested reply - every one gets killed by sorbs as they have the ISP blocked due to one client sending spam from it last week. So some ISP who is protected by sorbs is about to cost a client my business as I can't contact them.

Snail mail, on which e-mail was based, doesn't have any such built in security. The strength of mail is that you toss it out there into the void and it arrives at the other end. This type of process is going to kill that off. We have plenty of good systems that deal with the vast majority of spam without people seeing it. Why go all draconian over it?

The other thing is if a business tightens up this sort of process too much, they start losing legitimate clients who don't have these keys or who are coming from a domain where a spammer was doing business from earlier that day or the day before. Thus the legitimate people are punished because the business kills at the domain level.

-----------

Now for your question: Externally, I have the default mailbox provided by the ISP and I have my own special mailbox. I NEVER give out the default mail box, and almost never check it, just have it all regularly cleansed as spam. People who want to talk to me by email get my email from me and they go to my special mailbox. This is scanned by an anti-virus at the ISP and my PC, I also have a built in anti-spam adaptive filter in the mail client. I get very little spam. I also have two mailboxes with a web based service, one is used in a fairly public arena and gets about one spam item a day, the other is given out only to a select few, in 4 months it hasn't yet had any spam.

lkarnis

Warning - vendor post... Domain Keys are designed to ensure that the sender has not forged mail headers. In that regard, Domain Keys are beneficial. I work for XPMsoftware.com (an antispam vendor). We have noticed that a large number of spam messages already contain valid Domain Key headers. Spammers have adopted Domain Keys under the hope that people (incorrectly) assume that the presence of valid Domain Key headers means the message is legitimate. This is consistent with what we saw during the early days of Sender Policy Framework. This also doesn't address the issue of the millions of domains that do not implement either SPF or DMK. Please do not assume that DMK == no spam.

Sonja Thompson

DomainKeys Identified Mail has received preliminary approval from the Internet Engineering Task Force, but does it have what it takes to truly put an end to spam and phishing attacks? What anti-spam/anti-phishing technology do you currently use?

Interested Amateur

Mail Washer has both white and blacklists, you can read your mail on the IP server before you download the messages, check against DNS blacklist servers, choose from 3 heuristic settings, and make multiple accounts. As a home user, Mail Washer is quite adequate for me. I'm sure it would be appropriate for a small business, also. Edit - Whether Mail Washer will stop domain key spam, I'm not really qualified to judge. But, it works for me. Interested Amateur

grax

As I work with individuals and private clients rather than corporate entities my experience may differ. I send everyone to Bluebottle.com. They have a simple webmail facility as well as Pop3 and SMTP functions. Best of all they provide easy to control Black and White lists and require all responders to verify their messages. No spam! For private use it's free. Better than Hotmail Yahoo! Et al. (and they don't pay me for saying any of this. I really should sort that out.)

Kiltie

the main thing I noticed, is that Yahoo likes itself, eg (cannot remember exact wording, so I'll paraphrase) "Yahoo has determined that this email came from a genuine Yahoo account" Doesn't matter if porn or viagra is there, it came from Yahoo so it must be ok, right??? edit: I forgot to answer your question, I use Firefox 2 with appropriate anti phishing add-ons plus, the BEST tool of all, COMMON SENSE

tundraroamer

We just let M$ Bob scan each incoming e-mail and respond to the sender with questions about content, spelling, what is v1@g$a? In the end, the spammer blacklists us as a potential spam address because they get annoyed so much by M$ Bob. See, who said M$ isn't dealing with spam?
