O
ovi
Guest
Internet portal Yahoo (Nasdaq: YHOO - news) and networking giant Cisco (Nasdaq: CSCO - news) are putting their heads together in the fight against spam, collaborating on authentication technology in the hopes that others will adopt a new security standard.
The partners have pledged to develop a specification combining their respective cryptographic-based security offerings: Yahoo's DomainKeys and Internet Identified Mail from Cisco.
The new product will be called DomainKeys Identified Mail (DKIM), and will be offered royalty-free to the industry.
New, Improved DomainKeys
With DomainKeys, a sending system uses a private key to generate a signature and inserts the signature in the e-mail header. The receiving e-mail system uses the public key, published in the Domain Name System, to verify the signature.
DKIM takes this a step further by employing the Domain Name System (DNS) in the same fashion as DomainKeys, while taking advantage of Identified Internet Mail's header-signing signature technology. The benefits of signing e-mail using DKIM can be substantial for businesses that commonly send transactional e-mail to consumers, such as banks, utilities and e-commerce services.
"E-mail authentication is the first step in fighting e-mail forgery, such as spam and phishing attacks," Yahoo spokesperson Karen Mahon said. "We are taking a multifaceted, proactive approach to fighting spam, which includes DomainKeys as well as legislative and legal efforts."
Dueling Technologies
The goal, said Mahon, is to draw more support for DKIM by making the technology readily available. It is a lofty objective, analyst said, given the seriousness of spam, and the number of competing authentication offerings available.
Sender authentication technology has been a topical issue, given the proliferation of spam and the ever-increasing sophistication of phishing ruses. The challenge with DomainKeys, as well as other technologies offered by such vendors as Microsoft (Nasdaq: MSFT - news), VeriSign (Nasdaq: VRSN - news) and AOL (NYSE: AOL - news), is the lack of consistent standards.
"The spam problems is so large that no one company can solve it, so it's good to see major companies like Yahoo and Cisco combine their strengths and make the technology widely available," said Yankee Group senior analyst Andrew Jaquith.
He pointed out that among businesses, spam comprises anywhere from 30 percent to 90 percent of e-mail. "The more people that get involved with this effort between Yahoo and Cisco, the more value it has," said Jaquith.
Long Way to Go
Gregg Mastoras, senior security analyst for Sophos, agrees that mass acceptance is critical for the success of sender authentication. "We applaud any provider that uses this technology," he said. "But until some standard is reached, companies will be forced to adopt multiple technologies or pick one."
Even with a standards agreement in place, sender-authentication technology will make only a slight dent in spam, he said, despite claims to the contrary. There is just too much spam out there.
Phishing is another matter entirely. "A broadly accepted sender-authentication standard, and the widespread deployment of the technology, will make a serious dent in phishing scams," Mastoras predicted, explaining that because most people do business online with a very small universe of providers, the system can recognize these addresses.
The partners have pledged to develop a specification combining their respective cryptographic-based security offerings: Yahoo's DomainKeys and Internet Identified Mail from Cisco.
The new product will be called DomainKeys Identified Mail (DKIM), and will be offered royalty-free to the industry.
New, Improved DomainKeys
With DomainKeys, a sending system uses a private key to generate a signature and inserts the signature in the e-mail header. The receiving e-mail system uses the public key, published in the Domain Name System, to verify the signature.
DKIM takes this a step further by employing the Domain Name System (DNS) in the same fashion as DomainKeys, while taking advantage of Identified Internet Mail's header-signing signature technology. The benefits of signing e-mail using DKIM can be substantial for businesses that commonly send transactional e-mail to consumers, such as banks, utilities and e-commerce services.
"E-mail authentication is the first step in fighting e-mail forgery, such as spam and phishing attacks," Yahoo spokesperson Karen Mahon said. "We are taking a multifaceted, proactive approach to fighting spam, which includes DomainKeys as well as legislative and legal efforts."
Dueling Technologies
The goal, said Mahon, is to draw more support for DKIM by making the technology readily available. It is a lofty objective, analyst said, given the seriousness of spam, and the number of competing authentication offerings available.
Sender authentication technology has been a topical issue, given the proliferation of spam and the ever-increasing sophistication of phishing ruses. The challenge with DomainKeys, as well as other technologies offered by such vendors as Microsoft (Nasdaq: MSFT - news), VeriSign (Nasdaq: VRSN - news) and AOL (NYSE: AOL - news), is the lack of consistent standards.
"The spam problems is so large that no one company can solve it, so it's good to see major companies like Yahoo and Cisco combine their strengths and make the technology widely available," said Yankee Group senior analyst Andrew Jaquith.
He pointed out that among businesses, spam comprises anywhere from 30 percent to 90 percent of e-mail. "The more people that get involved with this effort between Yahoo and Cisco, the more value it has," said Jaquith.
Long Way to Go
Gregg Mastoras, senior security analyst for Sophos, agrees that mass acceptance is critical for the success of sender authentication. "We applaud any provider that uses this technology," he said. "But until some standard is reached, companies will be forced to adopt multiple technologies or pick one."
Even with a standards agreement in place, sender-authentication technology will make only a slight dent in spam, he said, despite claims to the contrary. There is just too much spam out there.
Phishing is another matter entirely. "A broadly accepted sender-authentication standard, and the widespread deployment of the technology, will make a serious dent in phishing scams," Mastoras predicted, explaining that because most people do business online with a very small universe of providers, the system can recognize these addresses.
