The Internet Engineering Task Force (IETF) released a new e-mail authentication specification this week in the hopes of stepping up the slowing fight against spam. The spec is dubbed DomainKeys Identified Mail (DKIM) and, if incorporated, may very well help cut down on spam and phishing attempts without requiring any user involvement. At the very least, it could make it less likely that valid emails are tagged a spam. 

The DKIM whitelisting process considers the IP address associated with the sender of an e-mail and takes it a step further by adding a digital signature associated with the sender's domain name via a public-key cryptography scheme. On the receiving end, servers that have incorporated DKIM will be able to validate the signature and then check it against whitelists. This process is carried out in the background, invisible to the user, and can be used in conjunction with other anti-spam efforts.

According to the DKIM charter, the working group makes no claims about preventing fraud or spam altogether but rather provides "a tool for defense against [fraud and spam] by assisting receiving domains in detecting some spoofing of known domains." The group also plans to "analyze the impact on senders and receivers who are not using DKIM, particularly any cases in which mail may be inappropriately labeled as suspicious or spoofed."

DKIM's precursor, DomainKeys, was originally developed by Yahoo. The specifications for DKIM were then extended by an informal group of IT organizations that included companies like Yahoo, Cisco, EarthLink, Microsoft, and VeriSign, among others. It was first submitted by the group to the IETF in mid-2005, but only recently published by the IETF. The spec is still to be incorporated into a more formal draft and submitted for approval, however.

DKIM isn't the only contender in the spam ID war. Microsoft, despite its involvement in submitting DKIM to the IETF, is still backing Sender ID and recently bragged that it protects over 8 million domains worldwide. The open-source Sender Policy Framework (SPF) and Certified Server Validation (CSV), which function similarly to DKIM and Sender ID, are also competing for widespread adoption.

Some are optimistic that DKIM will take off. "As far as we can tell, all the major [e-mail services] are very interested implementing it," director of the Domain Assurance Council Paul Hoffman told Computerworld, who first covered the new spec. "We believe from what they've said that all of them are going to include DKIM fairly high in the list of white-listing technologies."