Sunday, July 10, 2005

DomainKeys Vs. The Spam Monster

In March 2004 Yahoo proposed a new email verification system called DomainKeys. As with any other standard, adoption is the key.

DomainKeys uses public/private key pairs to sign the message, ensuring that the mail is from who it claims to be and has not been tampered with en route. They began implementation last November, and though I don't know how widespread the adoption is, I am starting to see messages in Yahoo Mail that are marked with statements like "DomainKeys has confirmed that this message was sent by".

The primary motivation of such schemes is to stop phishing attacks. But it also works against spammers. Even though DomainKeys only identifies who is sending the mail (not why), any spammer who authenticates is only making themselves easier to block.

So far so good!

Here's the Yahoo explanation and the code library.
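An added example, not from the original post or from Yahoo's library: what a receiving server reads from a signed message before it checks the RSA signature, namely where the signer's public key lives in DNS and whether the signing domain matches the From: address. The header tags and the `_domainkey` DNS name follow the published DomainKeys specification (RFC 4870). The sample message, the selector `mail2005`, and the function names are constructed for illustration, and the RSA verification itself is left out.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample; the b= value is a placeholder, not a real signature.
SAMPLE = (
    "DomainKey-Signature: a=rsa-sha1; s=mail2005; d=example.com; c=nofws;\n"
    "  q=dns; b=PLACEHOLDERSIGNATURE==\n"
    "From: Alice <alice@news.example.com>\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)

def parse_signature(value):
    """Split a DomainKey-Signature header value into tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def from_domain(msg):
    """Domain of the From: address (this example ignores Sender:)."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def aligned(signing_domain, sender):
    """True if d= equals the sender's domain or is a parent of it."""
    return sender == signing_domain or sender.endswith("." + signing_domain)

def plan_verification(raw):
    """Return what a verifier must fetch and compare before the RSA check."""
    msg = message_from_string(raw)
    sig = msg.get("DomainKey-Signature")
    if sig is None:
        return {"status": "unsigned"}
    tags = parse_signature(sig)
    if any(t not in tags for t in ("b", "d", "s")):
        return {"status": "malformed"}
    domain = tags["d"].lower()
    return {
        "status": "signed",
        "key_record": "%s._domainkey.%s" % (tags["s"], domain),  # DNS TXT name
        "signing_domain": domain,
        "aligned": aligned(domain, from_domain(msg)),
    }

if __name__ == "__main__":
    print(plan_verification(SAMPLE))
```

A message whose From: domain is not the signing domain or one of its subdomains comes back with `aligned` set to `False`, so a signature from one domain cannot vouch for mail claiming to be from another.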


