Could it be that the IETF have finally come up with the answer to that 21st century curse, the unsolicited commercial email (spam to most)? Am I wrong in being just that teeny bit skeptical? You be the judge.
A silicon.com newsletter dropped (solicited ;) into my mailbox today with a heading of an article that caught my eye (as hoping mine caught yours). Seems we're all a bit slow on the uptake as the IETF draft standard is dated February 15, 2007.
The success of DKIM (DomainKeys Identified Mail) relies on everyone who wants to see the end of spam adopting the idea and modifying their mailservers. That could be a while, apathy being most people's strong suit. In essence, though the idea is not bad.
Public Key Encryption has been around for a while - it is the basis of such mechanisms as PGP (Pretty Good Privacy) and involves anyone who wants to be positively identified as being who they really are on the Net registering a set of "keys" or secret codes with a "certificate authority" (think VeriSign or Thawte). The keys are mathematically related, but the "private one" (hidden with the authority) cannot be derived from the "public" one (handed out like a electronic ID card).
With DKIM, email servers (good ones) will quietly attach "invisible" keys to all outgoing mail. Email servers that are correctly configured will then be able to check the keys against an authority and either let the mail through unhindered, or flag it as junk. Up to ISPs and recipients as to how they then deal with them.
Other than being an IETF initiative (not an insignificant influence in Net terms) the likes of AOL, IBM, IronPort Systems, Trend Micro and VeriSign are supporting this.
So... will you modifying your server to adopt the standard? Will you be lobbying your ISP to do so? Or will you go with life, attacking the shoots of the noxious,invasive weed instead of hacking off its roots?
I reckon this has legs.... and you?
Comments