New anti-phishing technology could battle spam too

A new anti-phishing technology could develop into an anti-spam tool almost by accident, according to leading lights in the email engineering world. The technology has just been approved by the Internet Engineering Task Force.

DomainKeys Identified Mail (DKIM) is the latest technology to take on phishing attacks, which are attempts to steal vital bank or shopping account information from users via fake emails. Using digital signatures embedded in mail, the technology can ensure that a message that claims to be from your bank is telling the truth.

"DKIM is the email authentication framework and is addressing forgery issues," Dennis Dayman told weekly technology law podcast OUT-LAW Radio. Dayman is director of deliverability at email infrastructure firm Strongmail Systems. "The way that we do that is using cryptography to verify who sent the message."

"What DKIM does is allow us to identify the source of the email: did this person send that email? And if they did, we go to a second process, which is looking at the reputation of that sender, are they a good sender? Are they a spammer?" said Dayman.

DKIM works by digitally signing every outgoing mail from a domain. If the email recipient also uses DKIM, it checks the email signature against a publicly published signature for that domain as a whole. If the two signatures do not match or if there is no signature on an incoming mail but there is one attached to the domain, then the system knows that the mail did not come from where it claims it did.

This stops phishing, which depends on email users believing that emails come from a company they deal with when in fact they come from a fraudster. But email experts said that the system could end up combating spam as well.

"It's only very indirectly an anti-spam tool," said Jim Fenton, an engineer at routing giant Cisco who has been instrumental in DKIM's development. "Spammers can sign their messages just as well as anyone else can; it's very easy to register a domain and sign messages from that domain."

"The advantages are that they won't be able to sign messages coming from my email address, and the other thing is that it gives a reliable identity on which a reputation or an accreditation can be based. You can use it to key into these reputation systems in a way you can't currently because the source email address is too unreliable," he said.

Eric Allman is an email pioneer and founder of Sendmail. He said that anti-spam functions will only emerge if DKIM becomes ubiquitous.

"Right now an unsigned message has no suspicion because most messages are unsigned," said Allman. "In the future if we get to the point where most messages are signed, and come from a place of a good reputation, then something that is either unsigned or comes from a place with a bad reputation becomes suspicious."

"It's kind of incidental to spam, so we may get into a position where we force spammers to at least be traceable back to where they came from," said Allman. "That makes it easier to at least take action against them. So once again it's an indirect effect, but I think it's a very real effect on spammers."