The firm is also working on a reference implementation of the spec, which will be released under a royalty-free license as a plug-in for mail transfer agent (MTA) software. Yahoo will shortly carry out interoperability trials.
DomainKeys is a way of authenticating email senders, using public and private key pairs and the domain name system, to give email-handling software better information with which to make spam filtering decisions.
The idea is that organizations create their own key pair and publish the public key in their DNS records. Outgoing email, including the headers, would be signed with the private key, and recipients would be able to verify the signature by looking up the public key.
In this way, email filters could make security decisions knowing with a high degree of certainty that the sender is who they say they are. This could help protect against spam and viruses, both of which often spoof their From header.
The idea has been compared to Microsoft Corp’s Caller ID For Email and the independent Sender Policy Framework project, but Yahoo anti-spam product manager Miles Libbey said there’s no reason the three cannot interoperate.
They do both share a common goal, to authenticate email senders, said Libbey. But what Caller ID and SPF have come up with are more general policy frameworks. I see no reason why DomainKeys could not interoperate with them.
Libbey said that an SPF field could be set aside for DomainKeys policies, for example. SPF has already submitted its work to the IETF for possible ratification. Microsoft is still playing its Caller ID cards closer to its chest.
Sendmail Inc, a major MTA developer, is already committed to supporting DomainKeys. The company’s CTO told ComputerWire recently that Sendmail will support any of these authentication specs that gains traction.
