One cheer for DKIM!

 Standards work is generally conducted in what feels like slow-motion. More than a few highly-detailed conversations last for months or years. To those of us who've spent time in such conversations, it can be big news to learn that big news may be only a few months away. But for maximal, heart-stopping excitement, it should hint at the possibility of some day making real progress against spam.

That's exactly what seems to be happening in the case of DKIM (Domain Keys Identified Mail), an emerging standard for cryptographically linking each message with the sending domain. In conjunction with some future developments, it could take a big bite out of "phishing" -- unsolicited email pretending to come from a trusted institution.

Just a couple weeks ago -- hot off the presses, in standards time -- the chair of the IETF DKIM working group made the dramatic announcement (in the first paragraph) that things are going well. This means   it could be as little as a few months before DKIM becomes a Draft Standard -- a misleading term that describes the highest level that successful IETF standards generally attain. (MIME, for example, is a Draft Standard.)  I think DKIM will be the first spam-focused standard to complete the standards process.

Exciting, huh?

If you're not accustomed to emptying the ocean with a cup, you can be forgiven if you're breathing normally. But there are dozens of possible antispam measures not yet in use, and they will only work together effectively in the context of a very formal framework -- a set of interlocking standards.

To oversimplify a bit: time favors the spammers because it takes far more computer power to examine a message than to send it. This advantage will probably last as long as Moore's Law does. Eventually, inevitably, we will need to develop a more systematic approach integrating multiple interlocking technologies.

DKIM is, at long last, the first of those pieces. By itself, as its opponents are quick to tell us, DKIM will do NOTHING to stem the tide. But then, while a single rock can't hold off a flood, a wall of them can.

So, it's time to celebrate the near-completion of a decade's work by some very good people. Even though it does almost nothing useful today. With all the energy I can muster, let's hear it for DKIM: Hip-

[Full disclosure: Eight years ago I helped broker the peace treaty that merged DK and IIM into DKIM.  And Barry Leiba is my friend.]

FILED IN