Language Selection

English French German Italian Portuguese Spanish

New E-Mail Authentication Spec Submitted to IETF

Filed under

A group of leading technology companies that includes Microsoft Corp., IBM, Yahoo Inc. and Cisco Systems Inc. has submitted a new e-mail authentication standard to the Internet Engineering Task Force for consideration, eWEEK has learned.

The specifications for DomainKeys Identified Mail, or DKIM, were submitted to the IETF on Monday for consideration as a new e-mail authentication standard. DKIM has been in development since August and combines technology from Yahoo and Cisco. In addition to backing the new standards, the authoring companies plan to license it for free and may release it to the open-source community, according to information provided to eWEEK by the group.

The new DKIM standard will be available as an IETF Internet Draft through the organization's Web site in the near future, said Eric Allman, chief technology officer at Sendmail Inc.

Discussions of DKIM will be part of the 63rd IETF meeting in Paris, which begins on July 31, 2005, according to the group.

DKIM uses public key cryptography to sign e-mail messages, allowing receiving domains to identify legitimate senders and weed out spam and phishing e-mail with spoofed addresses. The specification combines elements of Yahoo's DomainKeys technology and Cisco's Internet Identified Mail technology.

As with DomainKeys, e-mail domain owners will generate a public and private cryptographic key pair, then publish the public key in their DNS (Domain Name System) record. The private key is stored on their e-mail servers. Components of Cisco's Identified Internet Mail header-signing technology will be used to sign messages, said Miles Libbey, anti-spam product manager at Yahoo.

E-mail administrators will have to install a software plug-in that supports DKIM on their mail servers, but the change will be easy to implement, especially for domain owners who have already set up DomainKeys, Libbey said.

Leading e-mail server makers such as Sendmail Inc. are pledging to release DKIM plug-ins for their products.

"We wanted to make it as easy as possible to make the transition from DomainKeys to DKIM," Allman said.

DKIM could become a widely accepted standard for securing e-mail communications and thwarting e-mail forgery and phishing attacks, said Jim Fenton, distinguished engineer at Cisco and one of the authors of the new specification.

"A lot of people in the past have said the future is to put cryptographic signatures in [e-mail] messages. So we're trying to present the future here. And we believe the future is now."

The announcement comes as leading e-mail experts are gathering in New York City this week to encourage organizations to implement e-mail authentication technology such as DomainKeys, or Microsoft's SIDF (Sender ID Framework).

Full Story.

More in Tux Machines

TheSSS 20.0 Server-Oriented Linux Distro Ships with Linux Kernel 4.4.17, PHP 5.6

4MLinux developer Zbigniew Konojacki informs Softpedia today, October 26, 2016, about the release and immediate availability of version 20.0 of his server-oriented TheSSS (The Smallest Server Suite) GNU/Linux distribution. Read more

Ubuntu 17.04 (Zesty Zapus) Daily Build ISO Images Are Now Available for Download

Now that the upcoming Ubuntu 17.04 (Zesty Zapus) operating system is officially open for development, the first daily build ISO images have published in the usual places for early adopters and public testers. Read more

Today in Techrights

OSS Leftovers

  • Chain Releases Open Source Blockchain Solution for Banks
    Chain, a San Francisco-based Blockchain startup, launched the Chain Core Developer Edition, which is a distributed ledger infrastructure built for banks and financial institutions to utilize the Blockchain technology in mainstream finance. Similar to most cryptocurrency networks like Bitcoin, developers and users are allowed to run their applications and platforms on the Chain Core testnet, a test network sustained and supported by leading institutions including Microsoft and the Initiative for Cryptocurrency and Contracts (IC3), which is operated by Cornell University, UC Berkeley and University of Illinois.
  • Netflix Upgrades its Powerful "Chaos Monkey" Open Cloud Utility
    Few organizations have the cloud expertise that Netflix has, and it may come as a surprise to some people to learn that Netflix regularly open sources key, tested and hardened cloud tools that it has used for years. We've reported on Netflix open sourcing a series of interesting "Monkey" cloud tools as part of its "simian army," which it has deployed as a series satellite utilities orbiting its central cloud platform. Netflix previously released Chaos Monkey, a utility that improves the resiliency of Software as a Service by randomly choosing to turn off servers and containers at optimized tims. Now, Netflix has announced the upgrade of Chaos Monkey, and it's worth checking in on this tool.
  • Coreboot Lands More RISC-V / lowRISC Code
    As some early post-Coreboot 4.5 changes are some work to benefit fans of the RISC-V ISA.
  • Nextcloud Advances with Mobile Moves
    The extremely popular ownCloud open source file-sharing and storage platform for building private clouds has been much in the news lately. CTO and founder of ownCloud Frank Karlitschek resigned from the company a few months ago. His open letter announcing the move pointed to possible friction created as ownCloud moved forward as a commercial entity as opposed to a solely community focused, open source project. Karlitschek had a plan, though. He is now out with a fork of ownCloud called Nextcloud, and we've reported on strong signs that this cloud platform has a bright future. In recent months, the company has continued to advance Nextcloud. Along with Canonical and Western Digital, the partners have launched an Ubuntu Core Linux-based cloud storage and Internet of Things device called Nextcloud Box, which we covered here. Now, Nextcloud has moved forward with some updates to its mobile strategy. Here are details.
  • Using Open Source for Data
    Bryan Liles, from DigitalOcean, explains about many useful open source big data tools in this eight minute video. I learned about Apache Mesos, Apache Presto, Google Kubernetes and more.