UPDATED: In a rare display of industry cooperation, Yahoo and Cisco
merged their e-mail authentication specification, officials announced Monday.
The Domain Keys Identified Mail (DKIM) specification is the combination of two related, competing, technologies: Yahoo’s Domain Keys and Cisco’s Identified Internet Mail (IIM).
While the two technologies are similar in concept in that they both use signature-based public key technology to authenticate e-mails, they had some hurdles to overcome before they could be merged.
The fact Cisco and Yahoo were able to work out those differences is significant, said Dave Crocker, principal of Brandenburg InternetWorking, an industry consultant and one of several organizations called in by the two companies to work on the merged specification.
“It represents a really substantial industry integration effort,” he said. “The legitimate cooperation that was both needed and happened was both difficult and diligent. It’s extremely rare to get people with competing proposals to collaborate on putting them together, never mind getting really substantial participation from additional vendors.”
A number of big-name companies provided input before Yahoo and Cisco released their technology draft to the Internet Engineering Task Force (IETF): IBM , AOL
, Microsoft
, EarthLink
, PGP Corp., Sendmail, StrongMail Systems, Alt-N Technologies, Tumbleweed and VeriSign
.
Work to get the technology adopted as an Internet standard will begin at the IETF meeting to be held at the end of this month in Paris. There are currently three implementations of the technology by Sendmail, Cisco and Alt-N Technologies to use as a foundation for further testing.
“With DKIM, we’re helping other e-mail service providers, ISPs, financial institutions and e-commerce companies to protect their e-mail customers, as well,” Miles Libby, Yahoo anti-spam manager, said in a statement. “We look forward to continued industry collaboration on DKIM in an effort to create an open e-mail authentication standard that is available to the industry at-large.”
DKIM is the second big-ticket technology that aims to limit the amount of spam that’s increasingly finding its way into people’s inboxes.
E-mail authentication isn’t an anti-spam technology, per se, but it seeks to ensure the e-mail you get is actually from the person it originates from. Many spammers spoof
The Microsoft-sponsored Sender ID specification has been used throughout the industry for some time despite the fact it couldn’t reach industry consensus. Talks to get the specification approved as an Internet standard stalled last year in a working group following concerns over Microsoft’s licensing of the technology and the patents found in the technology.
Its license, while royalty-free, precluded its use in open source environments, which powers a majority of the e-mail servers found around the world.
Both Yahoo and Cisco had intellectual property rights attached to their individual technologies, though officials were unavailable at press time to say whether they remain in the combined technology. It’s also uncertain what type of license will be attached to the technology, though Crocker said Yahoo has been working to make sure the license is compatible with the open source community.
“There’s always the test of whether they’ve succeeded and the test is political rather than mechanical,” he said. “Certainly, those of us participating believe their effort has been legitimate and sufficient; whether the rest of the community will agree, we’ll see.”
According to Yahoo officials, the DKIM license will be similar to the existing DomainKeys license found on the open source development site SourceForge.net and was drafted to promote adoption of the merged technology.
Karen Mahon, a spokesperson for the company, noted that open source projects Sendmail and Qmail, as well as others, have already implemented DomainKeys in their projects.