Feeds

Google Apps battle spam with auto email signing

DKIM to the rescue

Internet Security Threat Report 2014

Google's Apps service has rolled out a technology designed to snuff out spam and phishing emails by cryptographically verifying that senders are they entities they claim to be.

The email-signing standard, known as DKIM or DomainKeys Identified Mail, is available immediately from Google Apps and can be turned on with a few clicks in the “Advanced Tools” tab by any Google Apps admin, Google Enterprise Product Manager Adam Dawes blogged. Email recipients can then configure spam filters to automatically block or allow email confirmed to come from certain domain addresses.

“Today, we mark another notch in the spam-fighting belt: we’re making it possible for all Google Apps customers to sign their outgoing messages with DKIM, so their sent mail is less likely to get caught up in recipients’ spam filters,” Dawes wrote. “Google Apps is the first major email platform – including on-premises providers – to offer simple DKIM signing at no extra cost.”

The openness of the internet has been key in its worldwide reception, but it also makes it easy for fraudsters to spoof virtually any address they want. Witness the torrent of phishing emails purporting to come from banks, e-commerce sites, and government agencies.

DKIM uses robust public key cryptography to confirm that a message originated from the domain claimed in an email's from field. Produced by an industry consortium in 2004, DKIM also takes a cryptographic hash of the message itself to help verify that the email body hasn't been altered while in transit. The guts of the standard rely on the SHA-256 cryptographic hash and RSA public key encryption scheme.

Unlike many verification schemes, DKIM doesn't require the use of certificate authorities. Instead, is uses the sender's domain name to perform a DNS lookup. It's also invisible to recipients with systems that don't support the technology. Those attributes make it easier and less costly to use than similar verification systems.

If widely adopted, DKIM could go a long way to improving the email portion of Google Apps. While the service does a better job than many in blocking incoming spam, your reporter has found that mail sent through the Google cloud gets repeatedly caught in his recipients' spam filters. Remarkably, even the Google-owned Postini filter has trouble determining that email sent over Google Apps is legitimate. The ability to cryptographically prove email came from the service ought to help.

A DKIM FAQ and instructions for its implementation in Google Apps are here and here. If you've set up your domain through Google Apps, the service will automatically handle your DKIM keys. If you've set up your own domain, Google Apps supplies the keys and you must configure them on your own. ®

Internet Security Threat Report 2014

More from The Register

next story
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!
HTML 5's pretty neat ... when your browser supports it
Mathematica hits the Web
Wolfram embraces the cloud, promies private cloud cut of its number-cruncher
Mozilla shutters Labs, tells nobody it's been dead for five months
Staffer's blog reveals all as projects languish on GitHub
'People have forgotten just how late the first iPhone arrived ...'
Plus: 'Google's IDEALISM is an injudicious justification for inappropriate biz practices'
SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn
Merger will lead to mainframe and COBOL powerhouse
iOS 8 Healthkit gets a bug SO Apple KILLS it. That's real healthcare!
Not fit for purpose on day of launch, says Cupertino
Netscape plugins about to stop working in Chrome for Mac
Google kills off 32-bit Chrome, only on Mac
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.