Backing for tool to battle spam

Mass-mailing viruses are a distant memory, say experts.

A tool that could help in the battle against spam and phishing attacks has received industry approval.

The DomainKeys Identified Mail (DKIM) system is a method of validating the identity of the sender of an e-mail.

Spammers hide their identity by using a false, or spoofed, address in the millions of messages they send out.

DKIM uses encrypted digital signatures to prove a message's origin and a draft standard has been accepted by the Internet Engineering Task Force (IETF).

The IETF is an umbrella group of individuals, such as network designers, vendors, and researchers, who are concerned with the development of the net.

The firms have pledged to work with ISPs, businesses and financial institutions to roll out the technology as soon as possible.

Protecting e-mail users from scams was a top priority, said Mark Delany, lead architect for Yahoo Mail and author of DomainKeys.

"DomainKeys Identified Mail is positioned to become the pre-eminent standard for e-mail authentication," he said.

Key consideration

Although 90 to 99% of e-mail comes from senders known to the recipient, establishing the identity of a sender remains a key consideration in the protection against spam.

Spammers get away with sending spoofed e-mails because mail servers only check if a domain mentioned in these spoofed addresses - such as @madeupmailname.com - is known to be used by spammers.

DKIM lets honest e-mail senders prove they sent a message by encrypting a two-part signature, or key, in a selected part of the mail.

The e-mail provider, such as Yahoo, puts an encrypted private key into the e-mail when it is sent.

It is linked to a public key held by the internet's domain name system - the phonebook of the internet.

The mail server which receives the e-mail checks to ensure that the private and public keys match, proving that the message has come from a genuine sender.

But in order for the technology to work, both the sender and recipient need their mail services to be signed up to DKIM.

"DKIM is an example of major players coming together to do the right thing, sacrificing short term competitive edge to ensure safety, security and trust on the internet," said Eric Allman, co-founder of messaging service Sendmail.