The firm, one of the main developers of mail transfer agent (MTA) software, will today launch a Messaging Integrity Pilot Program, with backing from Microsoft, which designed Caller ID, and Yahoo!, which designed DomainKeys. Sendmail will release an open source implementation of DomainKeys immediately, in the form of a plug-in for its own MTA. It will provide links to implementations that work with other MTAs such as qmail and Postfix.
Rand Wacker, Sendmail’s director of product strategy and planning, said implementations of SPF and Caller ID will be released too, but those specs are being merged in an Internet Engineering Task Force working group.
All three proposed specs aim to help reduce the proliferation of email worms and spam, both of which commonly spoof the sender’s address to appear to come from elsewhere, sometimes bypassing filters.
SPF and Caller ID merged will provide an XML format for publishing information about authorized mail servers in domain name system records. Recipient MTAs will be able to crosscheck server addresses with their domains in the DNS.
DomainKeys is a similar idea, but calls for public key cryptography. Senders will sign each outgoing email with a private key and recipients will verify the signature using a public key, also published in DNS records.
Sendmail will publish documentation to help organizations implement the specs. At first, the company is recommending testing, rather than production deployment. The company will encourage companies to provide feedback against a test matrix.
We’re expecting some really good feedback, possibly in the first couple of months, Wacker said. While standards development is usually laborious process, this one has been moving at extreme speeds, he said.
