RealTime IT News

Yahoo for DomainKeys

One of the Web's largest e-mail providers is looking to make its service safer with the adoption of DomainKeys, a cryptographic-based e-mail authentication technology, Monday.

Sunnyvale, Calif.-based Yahoo originally developed the technology to reduce the amount of spam coming from spoofed e-mail addresses , which in turn leads to phishing attacks on personal and confidential information.

"Yahoo Mail understands that online security is vital to consumers, and through our development and implementation of the DomainKeys authentication solution, we are actively helping to protect consumers from threats like e-mail spoofing and identity theft," Brad Garlinghouse, Yahoo vice president of communications products, said in a statement.

The announcement was one of several made by the portal, which is facing fierce competition from upstarts like Google and long-time threats like Microsoft . Also launched Monday was an increase to the storage space for Yahoo members, from 100 MB to 200MB with 10MB attachments. Yahoo premium customers get 2GB of space and 20MB for file attachments, a move prompted by Google's 1 GB Gmail service.

DomainKeys is similar to the controversial Sender ID for E-Mail technology from Microsoft in that it checks to make sure e-mail is coming from the person or company it claims. It inserts a digital signature into e-mail headers to confirm the source and guarantee the message wasn't changed in transit.

Sender ID, on the other hand, is an IP-based answer to authentication that checks the Purported Responsible Address (PRA) header information against a list of known, and accepted, domains.

Yahoo's technology got an additional boost with the announcement by Earthlink officials that it would soon begin testing DomainKeys on its e-mail servers.

"EarthLink is always looking to evaluate new safeguards to increase consumer protection against spammers who try to hide their identity behind e-mail forgery," Tripp Cox, EarthLink CTO, said in a statement. "In the coming weeks, we plan to test the DomainKeys authentication solution on our e-mail system and determine how we can best implement this spam-fighting software."

Spam-busting technology and its implementation in the real world has been of great concern to IT administrators lately. The Federal Trade Commission (FTC) and National Institute of Standards and Technology (NIST) held an e-mail authentication summit last week to hear about the major players and technologies involved.

The summit included discussions on the viability of cryptographic-based specifications like DomainKeys and Cisco System's Identified Internet Mail (IIM). The general consensus of those attending, according to Margaret Olson, technology co-chair for the E-mail Service Provider Coalition, was the two technologies should be merged to provide a more robust and centralized specification.

"They're solving the exact same problem in the exact same way, and the difference is the details and how you sign [the digital certificate]," she said. "You could have a technical, theoretical discussion about which is better in certain obscure edge cases, but at the end of the day the differences aren't significant."

John Noh, a spokesman at Cisco, said the company has been in talks with Yahoo and other organizations, as well, on their respective technologies and the best way to implement.

"We're not fundamentally opposed to combining these technical specifications. It is our preference, however, that different vendors work together to combine the best elements of these different cryptographic proposals to create the best technical solution," he said.

"Such a solution must factor in the different use cases, including those of enterprises, service providers, small- to medium-sized businesses, and individual users. [This] preserves the positive aspects of today's e-mail infrastructure including the privacy of e-mail users and the ability for a user to send e-mail to any other use."

In August, DomainKeys benefited from Sendmail study, which reported a "10-fold performance increase" over standard e-mail filters with only a slight lag in server performance.