One of the Web’s largest e-mail providers is looking to make its service
safer with the adoption of DomainKeys, a cryptographic-based e-mail
authentication technology, Monday.
Sunnyvale, Calif.-based Yahoo
originally developed the
technology to reduce the amount of spam coming from spoofed e-mail addresses
personal and confidential information.
“Yahoo Mail understands that online security is vital to consumers, and
through our development and implementation of the DomainKeys authentication
solution, we are actively helping to protect consumers from threats like
e-mail spoofing and identity theft,” Brad Garlinghouse, Yahoo vice president
of communications products, said in a statement.
The announcement was one of several made by the portal, which
is facing fierce competition from upstarts like Google
and long-time threats like Microsoft
. Also launched
Monday was an increase to the storage space for Yahoo members, from 100 MB
to 200MB with 10MB attachments. Yahoo premium customers get 2GB of space
and 20MB for file attachments, a move prompted by Google’s 1 GB Gmail
DomainKeys is similar to the controversial Sender ID for E-Mail
technology from Microsoft in that it checks to make sure
e-mail is coming from the person or company it claims. It inserts a digital
signature into e-mail headers to confirm the source and
guarantee the message wasn’t changed in transit.
Sender ID, on the other
hand, is an IP-based answer to authentication that checks the Purported
Responsible Address (PRA) header information against a list of known, and
Yahoo’s technology got an additional boost with the announcement by
officials that it would soon begin testing
DomainKeys on its e-mail servers.
“EarthLink is always looking to evaluate new safeguards to increase consumer
protection against spammers who try to hide their identity behind e-mail
forgery,” Tripp Cox, EarthLink CTO, said in a statement. “In the coming
weeks, we plan to test the DomainKeys authentication solution on our e-mail
system and determine how we can best implement this spam-fighting software.”
Spam-busting technology and its implementation in the real world has been of
great concern to IT administrators lately. The Federal Trade Commission
(FTC) and National Institute of Standards and Technology (NIST) held an e-mail
authentication summit last week to hear about the major players and
The summit included discussions on the viability of cryptographic-based
specifications like DomainKeys and Cisco System’s
Identified Internet Mail (IIM). The general consensus of those attending,
according to Margaret Olson, technology co-chair for the E-mail Service
Provider Coalition, was the two technologies should be merged to provide a
more robust and centralized specification.
“They’re solving the exact same problem in the exact same way, and the
difference is the details and how you sign [the digital certificate],” she
said. “You could have a technical, theoretical discussion about which is
better in certain obscure edge cases, but at the end of the day the
differences aren’t significant.”
John Noh, a spokesman at Cisco, said the company has been in talks with
Yahoo and other organizations, as well, on their respective technologies and
the best way to implement.
“We’re not fundamentally opposed to combining these technical
specifications. It is our preference, however, that different vendors work
together to combine the best elements of these different cryptographic
proposals to create the best technical solution,” he said.
“Such a solution
must factor in the different use cases, including those of enterprises,
service providers, small- to medium-sized businesses, and individual users.
[This] preserves the positive aspects of today’s e-mail infrastructure
including the privacy of e-mail users and the ability for a user to send
e-mail to any other use.”
In August, DomainKeys benefited from Sendmail study,
which reported a “10-fold performance increase” over standard e-mail filters with only a slight lag in server