Friday | 10 July, 2009
CSO
Powerful new antiphishing weapon DKIM emerges
DKIM standard attracts Cisco, Google, PayPal and more
Carolyn Duffy Marsan (Network World) 13/02/2008 10:40:15
Page:

Spoofers, spammers and phishers, beware. There's a new gun in town, and some of the Internet's most powerful companies -- including Yahoo, Google, PayPal and AOL -- are brandishing it in the ongoing battle against e-mail fraud.

The new weapon is called DKIM, an emerging e-mail authentication standard developed by the Internet Engineering Task Force. DKIM, which stands for DomainKeys Identified Mail, allows an organization to cryptographically sign outgoing e-mail to verify that it sent the message.

DKIM addresses one of the Internet's biggest threats: e-mail fraud. As much as 80 per cent of e-mail from leading brands, banks and ISPs is spoofed, according to a report released in late January by the Authentication and Online Trust Alliance (AOTA). AOTA analyzed more than 100 million e-mails from Fortune 500 brands sent over a five-month period.

"It's a critical need that IT professionals look at e-mail authentication as a competitive advantage to protect their brands and their customers from these exploits as well as to protect their employees from spoofed or forged e-mail coming into their networks," says Craig Spiezle, chairman of AOTA.

DKIM proponents say the standard is an important step in rebuilding consumer confidence in e-mail.

"DKIM increases the trust with which people can regard their e-mail," says Jim Fenton, a distinguished engineer with Cisco and one of the authors of the standard. "DKIM isn't going to put an end to phishing, but I'm confident that DKIM is going to make it harder for phishing attacks to occur."

Under development since 2004, DKIM is finally reaching a critical mass. It's expected to be widely deployed this year, particularly in financial services and e-commerce firms. Early adopters include Bank of America, American Greetings and Cisco.

"My guess is that probably half of the Fortune 1000 will be DKIM signing in 2008," predicts Greg Olson, director of product management at Sendmail, which started shipping a DKIM-compliant e-mail appliance in November.

"I do feel that 2008 is the year when things are going to come together for DKIM," says Patrick Peterson, vice president of technology for IronPort, an e-mail appliance vendor that supports DKIM. "We have the Internet standard. We have a tremendous amount of vendor support...DKIM is solid as a rock."

Page:
More about Internet Engineering Task Force, IETF, eBay, American Greetings, AOL, Fenton, Leading Brands, Yahoo, PayPal, Cisco, SendMail, Financial Institutions, Microsoft, IronPort, Google, Rock

Comments

Post new comment

Login or register to link comments to your user profile, or you may also post a comment without being logged in.
The content of this field is kept private and will not be shown publicly.
Enter the fully qualified URL, eg. http://www.example.com/
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

Add to Google
Additional Resources
Newsletter Subscription
Sign up for our CSO Online newsletters!
RSS Feeds
Syndicate content Syndicate content
 
Get a job Careerone
Whitepaper


Read Whitepaper

The business justification for data security

In the information security world we face two major types of threats: "noisy" threats which directly interfere with our ability to do business and "quiet" threats which cause real damage, but don't necessarily prevent people from doing their jobs. Read on to discover how to combat both types of threats and to justify the use of data security within your business.

Sponsored Links