Hotmail e-mail accounts
DKIM (DomainKeys Identified Mail), on the other hand, is a signature-based approach developed by Yahoo and Cisco. DKIM actually secures the message itself. The sender inserts a digital cryptographic signature into e-mails for its domain. This approach is more complex than SIDF, but it has the advantage of supporting forwarding and surviving multiple hops, and is even extensible to individual addresses.

Who Adopts?

Naturally, marketers and volume senders with large amounts of email sender and corporate e-mail are early adopters, since they rely heavily on e-mail for their livelihood. Leading industry organizations, including the Direct Marketing Association (DMA) and the Email Sender and Provider Coalition (ESPC), require members and users to authenticate all outbound marketing e-mail.

While estimates of actual adoption vary, statistics revealed at the Authentication Summit II held earlier this year showed that some 35 percent of e-mail sent today is Sender ID compliant, while 7-9 percent is signed by DomainKeys. Fortune 500 adoption has grown from 7 percent to 22 percent in one year. However, according to Charles E. Stiles, Vice Co-Chair of MAAWG (Messaging Anti-Abuse Working Group), authenticated e-mail "is not limited to ISPs, businesses small or large; it is intended for anyone that is ready to stand behind the reputation their e-mail creates."

According to recent studies cited at the Authentication Summit II, a large number of mailers have already adopted one or both of the technologies to help receivers ascertain the true source of the e-mail. There is some evidence that spammers have adopted authenticated e-mail as well. Last year, Denver-based MX Logic, an e-mail defense solutions provider, published the results of a research study showing that a significant percentage of the e-mail surveyed came from domains that had adopted authenticated e-mail techniques.
Stiles is not surprised: "Most of the e-mail traversing the Internet today is spam, and the fact that a spammer would take advantage of an easily implemented technology for any incremental gain is to be expected." However, he adds that "the good news is that any spammer that is authenticating their e-mail is publicizing the source of those messages, making it easier for illegitimate e-mail to be blocked."

Benefits of Authenticated E-Mail

However, authentication alone does not guarantee good e-mail: the email sender reputation may then be queried to find out whether the sender, now validated as being the true sender, is trustworthy. In fact, some schemes actually establish a "trustworthy score" that relies on cumulative information about a sender to determine whether its e-mail should be delivered or junked.

There are several issues with DomainKeys (DK), but they do not fundamentally break the store-and-forward nature of email as SPF does. The main problem is that users will need to use an SMTP server associated with the domain that they are sending from, or their MUA will need to generate a DK signature using a personal private key (one that is listed appropriately in the domain's DNS). Another issue is that the signing of the body only works if the body is not modified after the signing. Unfortunately, some mailing lists and other software (virus scanners, for example) tack on a few lines to the body, and this will cause the signature check to fail.

The genealogy of Sender ID

In 1998, Jim Miller sent an email to Paul Vixie which outlined a basic plan for rejecting forged email. In 2002, Vixie published his "Repudiating Mail-From" protocol based on Miller's work. Mail-From in turn inspired two other techniques, "Reverse MX" by Hadmut Danisch and "Designated Mailer Protocol" by Gordon Fecyk.

E-mail reputation services will be further discussed in a later article.
For now, here is our advice to companies big and small that rely on e-mail as a method of communicating with customers, vendors and partners. Three steps should be taken by an organization to improve its email sender, and to help safeguard its reputation:

* First, take steps to authenticate outbound mail. Publish an SPF record and begin signing with DomainKeys.
* Second, apply the same standards to any third parties who are sending on your behalf. Don't forget that they represent you and can impact your trustworthiness score.
* Third, work with your ISPs and e-mail providers, asking them for detailed feedback on signature validation and failures. In general, encourage any e-mail provider to authenticate and give feedback on performance.
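
The body-modification problem noted earlier (a mailing list or scanner appends lines and the signature check fails) can be reproduced with the body-hash step of a signature check. This is an added example, not code from the article: it uses DKIM's canonicalization rules from RFC 6376 rather than the original DomainKeys algorithm, and the message bodies and the list address are constructed samples.

```python
import base64
import hashlib
import re

def canonicalize_body(body: bytes, mode: str) -> bytes:
    """DKIM body canonicalization: RFC 6376 3.4.3 (simple) and 3.4.4 (relaxed)."""
    lines = body.split(b"\r\n")
    if lines[-1] == b"":                # body ended with CRLF: drop the split artifact
        lines.pop()
    if mode == "relaxed":
        # collapse runs of space/tab to one space, then drop whitespace at line end
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":   # both modes ignore trailing empty lines
        lines.pop()
    if not lines:
        return b"\r\n" if mode == "simple" else b""
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes, mode: str) -> str:
    """Value a signer would place in the bh= tag (SHA-256, base64)."""
    digest = hashlib.sha256(canonicalize_body(body, mode)).digest()
    return base64.b64encode(digest).decode("ascii")

def body_survives(signed: bytes, received: bytes, mode: str) -> bool:
    """True if the received body still matches the hash computed at signing time."""
    return body_hash(signed, mode) == body_hash(received, mode)

# Constructed samples: the body as signed, the same body after a relay changed
# only whitespace, and the same body after a list appended a footer.
SIGNED = b"Your order has shipped.\r\nTracking:  12345\r\n"
RELAYED = b"Your order has shipped.   \r\nTracking: 12345\r\n\r\n\r\n"
LISTED = SIGNED + b"-- \r\nTo unsubscribe, mail list-request@example.org\r\n"

def report() -> dict:
    """Map (transit case, canonicalization mode) to whether the body hash still matches."""
    cases = {"relayed": RELAYED, "list footer": LISTED}
    return {(name, mode): body_survives(SIGNED, body, mode)
            for name, body in cases.items() for mode in ("simple", "relaxed")}

if __name__ == "__main__":
    for (name, mode), ok in report().items():
        print(f"{name:12} {mode:8} {'pass' if ok else 'FAIL'}")
```

Relaxed canonicalization absorbs whitespace-only changes made in transit, but an appended footer changes the hash under either mode, which is why receivers see failures on list traffic.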