[GTER] Yahoo! Domain Keys
Alexandre Hautequest
hquest at onda.com.br
Wed Nov 17 09:19:34 -02 2004
Comentarios?
A turma do Sendmail ja tem implementacao (
http://sendmail.net/dk-milter/ ), outros MTAs devem receber em breve tal
acessorio.
http://antispam.yahoo.com/domainkeys
DomainKeys: Proving and Protecting Email Sender Identity
Email spoofing - the forging of another person's or company's email
address to get users to trust and open a message - is one of the biggest
challenges facing both the Internet community and anti-spam
technologists today. Without sender authentication, verification, and
traceability, email providers can never know for certain if a message is
legitimate or forged and will therefore have to continually make
educated guesses on behalf of their users on what to deliver, what to
block, and what to quarantine, in the pursuit of the best possible user
experience.
DomainKeys is a technology proposal that can bring black and white back
to this decision process by giving email providers a mechanism for
verifying both the domain of each email sender and the integrity of the
messages sent (i.e,. that they were not altered during transit). And,
once the domain can be verified, it can be compared to the domain used
by the sender in the From: field of the message to detect forgeries. If
it's a forgery, then it's spam or fraud, and it can be dropped without
impact to the user. If it's not a forgery, then the domain is known, and
a persistent reputation profile can be established for that sending
domain that can be tied into anti-spam policy systems, shared between
service providers, and even exposed to the user.
For well-known companies that commonly send transactional email to
consumers, such as banks, utilities, and ecommerce services, the
benefits of verification are more profound, as it can help them protect
their users from "phishing attacks" - the fraudulent solicitation for
account information, such as credit card numbers and passwords, by
impersonating the domain and email content of a company to which users
have entrusted the storage of these data. For these companies,
protecting their users from fraud emails translates directly into user
protection, user satisfaction, reduced customer care costs, and brand
protection.
For consumers, such as Yahoo! Mail users or a grandmother accessing
email through a small mid-western ISP, industry support for sender
authentication technologies will mean that they can start trusting email
again, and it can resume its role as one of the most powerful
communication tools of our times.
--
Alexandre
More information about the gter
mailing list