So this was an article/blog post that I wrote while at StrongMail (best in-house solution out there) that I think has some good points and history in it. I am re-publishing this from their site.
As you may know, email is thirty years old and its underlying
infrastructure was never built with security and accountability in
mind. No one ever thought that email would become as widely used as it
is today, that the Internet itself would be subject to so much abuse.
The original email and Internet systems that we know today weren’t
invented by Al Gore, but by our own government's missile defense system
group, called the Advanced Research Projects Agency (ARPA), whose
primary job was to handle all space and strategic missile
research. NASA was then formed, and the activities of ARPA moved away from aeronautics and focused mainly on computer science and information processing.
One of ARPA’s goals was to connect mainframe computers at different
universities around the country so that they would be able to
communicate using a common language and a common protocol. Thus the
ARPAnet — the world’s first multiple-site computer network — was
created in 1969. In order to have an account on these systems you
simply asked for one and they just gave it to you almost without ANY
questions, completely overlooking security and accountability.
Well, obviously, as time went by and the systems got larger and more
interconnected, some people figured out the vulnerabilities and started
to send out the first of many billions of unsolicited messages now
known as SPAM. The question now comes down to how we can possibly patch
a hole this big. Email authentication technologies like DKIM (DomainKeys Identified Mail) are a start.
DKIM is a signature/cryptography-based sender authentication
protocol developed in order to address the problem of forged email
messages (missing security and accountability) and to allow an
organization or individual to take responsibility for the message it
sends, which has given rise to the concept of email reputation. Now, I
won’t bore you with the details of email reputation and authentication,
but I do want to focus on why we got involved in this early on.
Email is now about as mainstream as any technology can be, yet the
viability of email is continually being threatened by viruses, spam,
spoofing, and phishing. All of these threats are shaking the confidence
in email as a viable tool for communications and conducting business,
and StrongMail is committed to helping protect it. We have been participating in
the DKIM standard since day one, and we are proud to have our own
employees acknowledged for their hard work in the standard.
StrongMail was the first technology provider to
integrate support for all emerging authentication protocols into its
outbound email products to simplify compliance with whatever standards
are mandated. DKIM has since gained a lot of traction, and AOL, Gmail,
and Yahoo! now use it successfully in production.
Unless you’re a member of the CIA, a Matrix super fan, or a
cryptographic expert, signature-based authentication can be difficult
to understand. In StrongMail, you don’t have to think about any of that
stuff, since we make it as easy as 1-2-3 with our step-by-step
interface, which will either create, upload, or use the existing keys
needed to properly sign and verify any email.
In fact, StrongMail is specifically designed to make it easy to work
in the complex and ever-changing world of email standards. You even
have the ability to apply authentication to certain email streams or
campaigns based on your needs. Our offering is so simple that anybody
with a mouse, keyboard, and monitor can institute email authentication.
Overall, DKIM brings accountability to the sender, establishes a
reputation and confirms whether they should be sending email from a
certain domain. By doing this, receivers can better separate mail
streams from those who are good and those who are bad, which enables
better anti-spam technologies and reduces false positives.
-Dennis
Eloqua

How do you feel about the supposed portability of DKIM and that it will be domain based rather than tied to email server IP addresses?
Does the portability promise offer a future for shared hosting accounts that send email?
Also, do you have any insight into why DKIM in many MTAs passes all tests but fails at Yahoo?
I like the fact there is portability when it comes to authentication/identity.
1) Allows good senders to take it anywhere or move it easily.
2) Hold bad senders accountable and if they start over again they have to prove themselves all over again.
3) It should be domain based, as too many ESPs or senders share IP space and/or IP space isn't always properly managed right. Also, it should be noted that you can break authentication down to a division or user based on the domain and selector combinations as well. You can't do that if it's IP based portability.
Today, you can port your reputation in SPF and DKIM. This isn't something coming. It's being done now. People will set up new IP space into an existing SPF record to allow the receiver to see both sets of IPs.
With DKIM, you can just take the domain, key, and selector combination to any IP set and start to send.
For that Yahoo! issue, it's simply that they are not on the latest draft/approved version of DKIM if I heard correctly. They are low on resources now.
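
The domain and selector portability discussed in the reply above, shown as an added example that is not part of the original post or its comments: a receiver locates the DKIM public key from the `d=` and `s=` tags of the DKIM-Signature header alone, so the connecting IP plays no part in the lookup. The function names, the example.com domain, the selectors, the documentation IP addresses and the placeholder `b=`/`bh=` values are all constructed for illustration.

```python
import re
from collections import defaultdict

REQUIRED_TAGS = ("v", "a", "b", "bh", "d", "h", "s")  # required by RFC 6376

def parse_dkim_tags(header_value):
    """Parse the tag=value list of a DKIM-Signature header into a dict."""
    unfolded = re.sub(r"\r?\n(?=[ \t])", "", header_value)  # undo header folding
    tags = {}
    for part in unfolded.split(";"):
        if not part.strip():
            continue  # a trailing ";" is allowed
        name, sep, value = part.partition("=")  # base64 "=" padding stays in value
        name = name.strip()
        if not sep or not name or name in tags:
            raise ValueError(f"malformed or duplicate tag: {part.strip()!r}")
        # b= and bh= may carry folding whitespace inside the base64 text
        tags[name] = re.sub(r"\s+", "", value) if name in ("b", "bh") else value.strip()
    missing = [t for t in REQUIRED_TAGS if t not in tags]
    if missing:
        raise ValueError(f"missing required tags: {missing}")
    return tags

def key_record_name(tags):
    """DNS name of the TXT record holding the public key: selector + domain only."""
    return f"{tags['s']}._domainkey.{tags['d']}".lower()

def streams_by_key(messages):
    """Map each key record name to the set of connecting IPs that signed with it."""
    seen = defaultdict(set)
    for source_ip, header_value in messages:
        seen[key_record_name(parse_dkim_tags(header_value))].add(source_ip)
    return dict(seen)

# Constructed sample data (not real signatures): (connecting IP, header value).
SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s={sel};\r\n"
       "\th=from:to:subject; bh=AAAA=;\r\n\tb=BBBB\r\n\t CCCC==")
MESSAGES = [
    ("192.0.2.10", SIG.format(sel="news")),       # original IP range
    ("198.51.100.7", SIG.format(sel="news")),     # new IP range, same domain and selector
    ("198.51.100.7", SIG.format(sel="billing")),  # same IP, another division's selector
]

if __name__ == "__main__":
    for name, ips in streams_by_key(MESSAGES).items():
        print(name, sorted(ips))
```

Both IP ranges resolve to the same `news._domainkey.example.com` record, while the `billing` selector separates a second mail stream on a shared IP.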