I have never been shy about my fondness for encryption-based methods of fighting spam and email-borne threats, in no small part because my old company, ePrivacy Group, deployed a very similar authentication system called Trusted Sender several years before the DKIM concept was hatched.
Unfortunately for everyone, especially those of us invested in the development of the Trusted Sender technologies, it quickly became clear as early as 2002 that the world wasn't ready for simpler email authentication. Indeed, authentication was seen at the time as falling somewhere between a curiosity and a waste of CPU cycles.
It would take many more years of criminal exploitation by spammers and password phishers, and untold billions of dollars in wasted bandwidth, crippled networks, hijacked bank accounts, and other fall-out from insecure email, before the world's email administrators would see cryptographic authentication systems as inevitably necessary.
The DKIM standard is a much more streamlined version of the concept that our team at ePrivacy Group created for the Trusted Sender program. And DKIM benefits from that simplification, as well as a much more highly motivated community of senders and receivers who are eager, if not a little desperate, to get to a world where DKIM can become the basis for an array of smarter and more reliable email delivery decisions.
The DKIM standard allows email senders to insert a unique cryptographic signature into the headers of outbound email, allowing authentication to take place at any point along the path between the sender and the recipient. At any point along the way, once the signature has been validated, the signer's identity can be better relied upon when making decisions about filtering, blocking, or sorting email into the dreaded Spam Folder.
As the DKIM website points out, DKIM leverages domain names rather than IP addresses to represent an organization's identity. This makes sense because domain names are more stable and already serve to reliably identify email senders on the Internet. Building on that, a valid DKIM signature provides further layers of trust to email and reinforces the value carried in the brand name and corporate goodwill of a sending organization's reputation.
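To make the domain-based identity concrete, the following added example (not code from the DKIM project or from Trusted Sender) parses a DKIM-Signature header value and derives the DNS name under which a verifier looks up the signer's public key. The sample header, its selector `mail2007`, and the base64 placeholders are constructed for illustration; the example stops at the key lookup name and does not verify the signature itself.

```python
import re

# Tags every DKIM-Signature header must carry (RFC 6376, section 3.5).
REQUIRED_TAGS = {"v", "a", "b", "bh", "d", "h", "s"}

def parse_dkim_signature(value):
    """Parse the tag=value list of a DKIM-Signature header value into a dict."""
    # Unfold the header: a line break followed by whitespace is one space.
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value).strip()
    tags = {}
    for item in unfolded.split(";"):
        if not item.strip():
            continue  # a trailing ";" is permitted
        name, sep, val = item.partition("=")  # split on the first "=" only
        name = name.strip()
        if not sep or not re.fullmatch(r"[A-Za-z][A-Za-z0-9_]*", name):
            raise ValueError(f"malformed tag: {item.strip()!r}")
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        val = val.strip()
        if name in ("b", "bh"):
            val = re.sub(r"\s+", "", val)  # whitespace in base64 is ignored
        tags[name] = val
    missing = REQUIRED_TAGS - tags.keys()
    if missing:
        raise ValueError(f"missing required tags: {sorted(missing)}")
    return tags

def key_query_name(tags):
    """DNS name whose TXT record holds the signer's public key."""
    return f"{tags['s']}._domainkey.{tags['d']}".lower()

def signed_headers(tags):
    """Header fields covered by the signature, in the order they were signed."""
    return [h.strip().lower() for h in tags["h"].split(":")]

# Constructed sample: a folded DKIM-Signature value with placeholder base64.
SAMPLE = ("v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=mail2007;\r\n"
          "\th=from:to:subject:date;\r\n"
          "\tbh=AAAA AAAA=;\r\n"
          "\tb=BBBB\r\n\t CCCC==;")

if __name__ == "__main__":
    t = parse_dkim_signature(SAMPLE)
    print("signing domain:", t["d"])
    print("key lookup    :", key_query_name(t))
    print("signed headers:", signed_headers(t))
```

The `d=` domain is the identity a receiver attaches reputation to; the connecting IP address plays no part in the lookup.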
Events like this month's DKIM testing party are vital steps in demonstrating that greater messaging security is not only worth pursuing, but that it can be done in reliable and cost-effective ways. The sooner every email-sending organization adopts DKIM, the sooner we will get to reliably tossing bad email into the bit-bucket while reliably delivering wanted email to users' inboxes.