Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


New Spec Could Cut Phishing, Spam

IETF approves email signature standard pioneered by Yahoo!, Cisco

Phishers and spammers beware: It may soon be a lot harder to pretend you're somebody you're not.

The Internet Engineering Task Force, which sets the technical standards for the Internet, yesterday approved the DomainKeys Identified Mail standard as a proposed standard (RFC 4871). The specification, a three-year effort pioneered by Yahoo!, Cisco, Sendmail, and PGP, is an email authentication framework that uses cryptographic signature technology to verify the domain of the sender.

In a nutshell, DKIM allows email senders to "sign" each email to verify that it comes from their domain. If the receiving domain handles an email that does not contain the signature, it can raise a red flag to warn the recipient that the message might be a fake.

"For years, one of the big problems in Internet messaging has been the ability of a sender to use any 'from' address," says Jim Fenton, a distinguished engineer at Cisco and one of the authors of the standard. "Without too much work, you can say you're just about anybody in an email."

DKIM was created from two technologies developed several years ago: Yahoo!'s DomainKeys, which was developed for Yahoo! email users; and Cisco's Identified Internet Mail. With the help of PGP, Sendmail, and input from a host of other vendors, Yahoo! and Cisco combined their efforts into DKIM, which is already being integrated into email services, such as Gmail.

DKIM is designed to be implemented at the domain level and shouldn't require any changes at the client, developers say. Essentially, a domain owner -- such as an Internet service provider or a large corporation -- equips its servers with the ability to "sign" outgoing messages, verifying their authenticity.

On the other end, email security servers and applications can be set to look for the DKIM signature in incoming messages, giving priority to signed mail and red-flagging unsigned messages for further scrutiny, or warning end users of potential problems.

Fenton emphasizes that the new standard won't stop spam, but if it is widely adopted it could force spammers to stop sending messages from bogus email domains. "DKIM makes it harder for an attacker to make a message look like it's coming from a bank or some other trusted source, so it directly addresses some aspects of phishing," he says. But spammers could actually use DKIM themselves, "and we have some evidence that they already are."

Both Cisco and Yahoo! say they have already deployed DKIM to help protect messages sent from their own domains. "We currently see about a billion DomainKeys signed emails flow through Yahoo! Mail each day," said Mark Delany, lead architect for Yahoo! Mail and author of DomainKeys. "We look forward to continued momentum as more senders adopt the new email authentication standard.”

It's hard to say just how effective DKIM will be in reducing phishing and spam from bogus addresses, Fenton says. First, it has to be adopted, though that adoption should accelerate with the IETF's blessing. "We have seen a lot of ISPs, and some big financial institutions, on the verge of implementing it."

But it's important to remember that the standard itself won't stop anything. "What it really does is make [anti-spam and anti-phishing] products work better," Fenton says. "Its impact will be determined by how it's used in products."

The IETF's DKIM Working Group is currently working on a best practices document that will help vendors, users, email advertisers, and reputation services get the most out of the standard, Fenton says. The group is also developing language that will help email domains tell recipients they are signing all of their messages with DKIM.

— Tim Wilson, Site Editor, Dark Reading

  • Cisco Systems Inc. (Nasdaq: CSCO)
  • Juniper Networks Inc. (Nasdaq: JNPR)
  • Microsoft Corp. (Nasdaq: MSFT)
  • Trusted Computing Group

    Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

    Recommended Reading:

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 6/5/2020
    Abandoned Apps May Pose Security Risk to Mobile Devices
    Robert Lemos, Contributing Writer,  5/29/2020
    How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
    Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
    Register for Dark Reading Newsletters
    White Papers
    Cartoon Contest
    Write a Caption, Win a Starbucks Card! Click Here
    Latest Comment: What? IT said I needed virus protection!
    Current Issue
    How Cybersecurity Incident Response Programs Work (and Why Some Don't)
    This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
    Flash Poll
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2020-06-05
    An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). A dangerous AT command was made available even though it is unused. The LG ID is LVE-SMP-200010 (June 2020).
    PUBLISHED: 2020-06-05
    An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020).
    PUBLISHED: 2020-06-05
    An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via a custom AT command handler buffer overflow. The LG ID is LVE-SMP-200007 (June 2020).
    PUBLISHED: 2020-06-05
    An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via an MTK AT command handler buffer overflow. The LG ID is LVE-SMP-200008 (June 2020).
    PUBLISHED: 2020-06-05
    An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets). An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 (June 2020).