Thursday, 31. May 2007
PermaLink DKIM, SPF and a new poll - border MTA
At the Beeb a week ago - Backing for tool to battle spam (1)

A tool that could help in the battle against spam (1) and phishing attacks has received industry approval.

The DomainKeys Identified Mail (DKIM) system is a method of validating the identity of the sender of an e-mail (1).


I've said it before, but it evidently bears repeating - sender authentication is not an anti-spam technology. OK, it might help against phishing, but only if those entities who are regular phishing targets actually adopt some form of sender authentication and very few have (2).

Here's the problem.

We all remember what happened when we finally got a ratified standard for electronic document formats - ODF. Microsoft ignored it and created OpenXML. I expect you see where I am going with this.

There is not one, but there are in fact two sender authentication technologies from which you can choose, SPF (aka Sender ID) and DKIM. The latter of these is the one that has just been accepted as a draft standard by the IETF. The former is the one to which Microsoft has very prominently given its backing.

So the fact that the IETF has accepted DKIM as a draft standard has little real world significance.

The other obvious problem is that, while the main beneficiaries of any sender authentication scheme are the senders themselves, the parties actually doing the authentication are the recipients. With some senders using no sender authentication and others choosing one or the other (2) in order for either of these two standards (3) to have any value at all, it will be necessary for receiving systems to understand both.

At the ND8 public beta forum a couple of weeks ago, someone asked IBM for "SPF-SenderID-DomainKey" capabilities and elicited this less than reassuring response:

We have considered DKIM support for a future release but...

Many customers do not run Domino as your edge mail SMTP server? Most customers I've talked to use another mail gateway for external delivery of email so the DKIM/Sender ID support would be on that server.

Please respond here if you do use Domino as your gateway SMTP server.

Dear readers, you will be aware that I am very interested in the use of Domino as a border MTA myself, though for somewhat different reasons.

Please help me by completing the poll that is currently live at the top, left of chris-linfoot.net and tell me what your border MTA is.

And if it is Domino, please post a response in that thread over at the ND8 public beta forum and say so too. I think IBM needs to know.

  1. Again with the lazy journalism and non-sequiturs! Oy!
  2. eBay is a notable exception to this rule - its outbound emails include a DKIM signature and it publishes an SPF record in DNS too.
  3. The two standards are the de facto (SPF) and the de jure (DKIM).



Category: Fixing SMTP
Technorati:

Comments :
None yet...
Unable to post a comment? Please read this for a possible explanation...
Add Manual Trackback
Please enter the details of the trackback post. Your trackback will not appear on the site until it has been verified. This won't be immediate, as trackbacks are validated on a scheduled basis. Be patient.











Search
Popular Categories
Blogs
Coffee and Cats
Computing Systems Fundamentals
DNSBLs
Domino Administration
Domino Whitelist
Dumb and Dumber
Flickr
IPv6
SMTP AUTH
Show n Tell
Software
Spam
Spam Statistics
T'Internet
Trunk Monkeys
Viruses and Worms
Wallace and Gromit
Whitelisting
Wii
Monthly Archive
2008
2008
2008
2008
2008
2008
Full Archive
Other stuff
Anti-Spam Tools
Misc Links
Land banking information
ClustrMaps
Locations of visitors to this page
Meta
Proudly powered by IBM Lotus Domino 8 Proudly powered by IBM Lotus Domino 8

Subscribe to articles Subscribe to articles feed

Subscribe to comments Subscribe to comments feed

ROR info ROR info

Like what I do?
Then please consider a donation to support the work of Research Autism.

Idea Jam
Planet Lotus
Contact Me
email - Chris Linfoot