Home / Blogs

Making DKIM More Useful with Domain Assurance Email

The IETF DKIM working group has been making considerable progress, and now has a close-to-final draft. DKIM will let domains sign their mail so if you get a message from [email protected], the furble.net mail system can sign it so you can be sure it really truly is from furble.net. But unless you already happen to be familiar with furble.net, this doesn’t give you any help deciding whether you want the message. This is where the new Domain Assurance Council (DAC) comes in.

DAC is a smallish trade association that Paul Hoffman and I recently started. Its goal is to define consistent ways for people to do certification and reputation based on DKIM. Certification lets a trusted third party publish a list of senders they vouch for. If you have that message from furble.net, you can check with your favorite certification service to see if furble.net is on their list of known good guys, and if so, skip the spam filters and deliver the mail. The technology to check whether a domain is on a certification service’s list is not complicated; on the contrary it is so easy that if you asked 10 programmers how to do it, you would get ten similar but not quite compatible approaches. DAC has mostly spec’ed out a simple way to do the check. (It’s available to anyone for free. All our specs will be.) The goal is to get everyone to check the same way, so each mail program needs only to be upgraded once to support DKIM certification, and if you decide you want to change whose list you check, you need only change a configuration setting or two.

At the moment, the only people doing certification are general purpose mail certification services. (Several of them are already DAC members.) Down the road we also expect to see a lot of industry specific certifiers. For example, the FDIC or ABA might certify mail from their member banks, since they already know who the banks are. Other trade associations or regulators might similarly certify their members or regulatees.

The next step after certification will be reputation. The difference is that certification is basically one bit saying “they’re OK”, while reputation is more like a credit score that gives the reputation service’s opinion of a sender, or a credit report with a collection of positive and negative data from which recipients can draw their own conclusions. Reputation is harder to do than certification, since a reputation report might contain anything from a single numeric score to an entire dossier of data of different types.

If you want to see how our certification system, currently called Vouch by Reference (VBR), works drop by our web site and take a look.

By John Levine, Author, Consultant & Speaker

Filed Under

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet


Matthew Elvey  –  Aug 12, 2006 10:42 PM

Great job on VBR so far!

1)It would be nice to see it extended soon to include semantics for non-e-mail messages, such as IMs, wiki-edits, blog comments like this one, SMS, forum & USENET posts, VoIP, and could readily be applied to entire websites, and faxes…

Fortunately, the semantics are readily extensible to cover such media, though the ‘all’ category should be renamed (to email) or redefined (to cover all media) ASAP.

2)Some clarification as to whether, for example, a transactional email can also have advertising in it or not is needed.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.



IPv4 Markets

Sponsored byIPXO


Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

Domain Names

Sponsored byVerisign

Domain Management

Sponsored byMarkMonitor