Making DKIM More Useful with Domain Assurance Email

John Levine

The IETF DKIM working group has been making considerable progress, and now has a close-to-final draft. DKIM will let domains sign their mail so if you get a message from fred@furble.net, the furble.net mail system can sign it so you can be sure it really truly is from furble.net. But unless you already happen to be familiar with furble.net, this doesn't give you any help deciding whether you want the message. This is where the new Domain Assurance Council (DAC) comes in.

DAC is a smallish trade association that Paul Hoffman and I recently started. Its goal is to define consistent ways for people to do certification and reputation based on DKIM. Certification lets a trusted third party publish a list of senders they vouch for. If you have that message from furble.net, you can check with your favorite certification service to see if furble.net is on their list of known good guys, and if so, skip the spam filters and deliver the mail. The technology to check whether a domain is on a certification service's list is not complicated; on the contrary, it is so easy that if you asked ten programmers how to do it, you would get ten similar but not quite compatible approaches. DAC has mostly spec'ed out a simple way to do the check. (It's available to anyone for free. All our specs will be.) The goal is to get everyone to check the same way, so each mail program needs only to be upgraded once to support DKIM certification, and if you decide you want to change whose list you check, you need only change a configuration setting or two.

At the moment, the only people doing certification are general purpose mail certification services. (Several of them are already DAC members.) Down the road we also expect to see a lot of industry specific certifiers. For example, the FDIC or ABA might certify mail from their member banks, since they already know who the banks are. Other trade associations or regulators might similarly certify their members or regulatees.

The next step after certification will be reputation. The difference is that certification is basically one bit saying "they're OK", while reputation is more like a credit score that gives the reputation service's opinion of a sender, or a credit report with a collection of positive and negative data from which recipients can draw their own conclusions. Reputation is harder to do than certification, since a reputation report might contain anything from a single numeric score to an entire dossier of data of different types.

If you want to see how our certification system, currently called Vouch by Reference (VBR), works, drop by our web site and take a look.
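A sketch of the receiver-side certification check, added here as an illustration and not taken from the DAC specification. It assumes the conventions of VBR as later published in RFC 5518 (a `VBR-Info` header with `md`/`mc`/`mv` tags and a TXT lookup at `<domain>._vouch.<certifier>`); the domain names are constructed and a dictionary stands in for live DNS.

```python
# Added example: receiver-side VBR check, assuming RFC 5518 conventions.
# All domain names and the TXT "zone" below are constructed sample data.
TRUSTED_CERTIFIERS = {"certifier.example"}  # local policy: whose lists we accept

# Stand-in for DNS TXT lookups; a missing name models NXDOMAIN (not vouched).
SAMPLE_TXT = {
    "furble.net._vouch.certifier.example": "transaction list",
    "bank.example._vouch.certifier.example": "all",
    "furble.net._vouch.unknown-list.example": "all",
}

def parse_vbr_info(value):
    """Parse 'md=...; mc=...; mv=a:b' into a dict of lower-cased tags."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip().lower()] = val.strip().lower()
    return tags

def vbr_vouched(vbr_info, dkim_domain, lookup_txt=SAMPLE_TXT.get):
    """Return the certifier that vouches for this message, or None.

    dkim_domain is the d= domain of a DKIM signature that has already
    verified; without it the md= claim is unauthenticated and is ignored.
    """
    tags = parse_vbr_info(vbr_info)
    md, mc = tags.get("md"), tags.get("mc")
    if not md or dkim_domain is None or md != dkim_domain.lower():
        return None
    # Query only certifiers the sender names AND that we trust locally;
    # the sender's own mv= list proves nothing by itself.
    for certifier in tags.get("mv", "").split(":"):
        certifier = certifier.strip()
        if certifier not in TRUSTED_CERTIFIERS:
            continue
        txt = lookup_txt(f"{md}._vouch.{certifier}")
        if txt is None:
            continue
        vouched_types = txt.lower().split()
        # Conservative choice made here: a message with no mc= passes only
        # when the certifier vouches for "all".
        if "all" in vouched_types or mc in vouched_types:
            return certifier
    return None
```

Changing whose list you check is then a matter of editing `TRUSTED_CERTIFIERS`, which is the "configuration setting or two" the article describes.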

By John Levine, Author, Consultant & Speaker
Share your comments

Re: Making DKIM More Useful with Domain Assurance Email Matthew Elvey  –  Aug 12, 2006 3:42 PM PDT

Great job on VBR so far!

1) It would be nice to see it extended soon to include semantics for non-e-mail messages, such as IMs, wiki-edits, blog comments like this one, SMS, forum & USENET posts, VoIP, and could readily be applied to entire websites, and faxes…

Fortunately, the semantics are readily extensible to cover such media, though the 'all' category should be renamed (to email) or redefined (to cover all media) ASAP.

2) Some clarification as to whether, for example, a transactional email can also have advertising in it or not is needed.
