CNET's error explaining DKIM

Declan McCullagh, writing in CNET, makes the standard schoolboy error of assuming that email sender authentication technologies are "antispam techniques."

They're not.

DomainKeys Identified Mail (DKIM) and other sender authentication technologies are simply ways to detect forgeries. At best, they give a partial indication of whether a message is spam, but their main use is to allow recipients to look up the reputation of the sending domain.

Detecting phishing attacks via sender authentication depends on legitimate senders, such as PayPal, publishing information in the DNS. An email that purports to come from paypal.com can then be verified against that published information.

Of course, this doesn’t stop phishers from using similar domains, such as verify-paypal.com. Many users won't notice the difference. A DKIM test will "pass" because the bad actors own the fraudulent domain.

In other words, DKIM alone is almost useless. That's why we also need domain-level reputation services.

More at richij.com...

What People Are Saying

Richi, you are about 95% correct. By itself DKIM is just authentication, and many people confuse that with authorization. As a real-world example, my driver's license may identify me but it says nothing about my driving record.

The 5% part is that we can fairly easily come up with a whitelist of the top few hundred phishing targets, with paypal.com at the top. This list is pretty static and can be of use today. This is a form of "reputation" (actually "accreditation"), albeit only of use to the largest players. But that usefulness encourages those sites to sign, which will encourage more sites to verify, which will increase demand for domain reputation, which will encourage even more sites to sign, etc.

As you say, we do need dynamic domain reputation services to realize the full potential of DKIM, and in particular to address the cousin domain problem. And although I believe DKIM will have an impact on the spam problem, it will be indirect and will take longer.
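An added example (not from the original post or the comment) of the layering described in both: a DKIM "pass" only proves which domain signed, so the receiver still has to check that domain against a list of known brands and flag lookalikes such as verify-paypal.com. The `PROTECTED` list, the similarity threshold, the verdict labels and the sample headers are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Assumed accreditation list of heavily phished brands (constructed; a real one is longer).
PROTECTED = {"paypal.com"}

def parse_auth_results(header):
    """Return (dkim verdict, signing domain) from an Authentication-Results header."""
    result = re.search(r"\bdkim=(\w+)", header)
    domain = re.search(r"\bheader\.d=([A-Za-z0-9.-]+)", header)
    return (result.group(1).lower() if result else "none",
            domain.group(1).lower().rstrip(".") if domain else None)

def looks_like(domain, brand_domain, threshold=0.8):
    """True if any dot- or hyphen-separated token of domain resembles the brand name."""
    brand = brand_domain.split(".")[0]
    return any(SequenceMatcher(None, tok, brand).ratio() >= threshold
               for tok in re.split(r"[.-]", domain) if tok)

def classify(header):
    verdict, domain = parse_auth_results(header)
    if verdict != "pass" or domain is None:
        return "unauthenticated"      # forgery check failed or no signature
    for brand in PROTECTED:
        if domain == brand or domain.endswith("." + brand):
            return "accredited"       # signed by the real brand domain
    if any(looks_like(domain, brand) for brand in PROTECTED):
        return "cousin-domain"        # valid signature, lookalike name
    return "needs-reputation"         # identity proven, behaviour unknown

# Constructed headers, as a receiving MTA (hypothetical mx.example.net) might stamp them.
SAMPLES = [
    "mx.example.net; dkim=pass header.d=paypal.com",
    "mx.example.net; dkim=pass header.d=verify-paypal.com",
    "mx.example.net; dkim=pass header.d=paypa1.com",
    "mx.example.net; dkim=fail header.d=paypal.com",
    "mx.example.net; dkim=pass header.d=example.org",
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(f"{classify(h):17} {h}")
```

The "needs-reputation" verdict is where a dynamic domain reputation lookup would plug in; the static list only covers the handful of brands it names.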