Monday, January 30, 2006


Antispam and DKIM

There are a lot of meetings and conferences coming up for the antispam work that I'm doing (see my work-related page for more on that). My main focus right now is on DomainKeys Identified Mail (DKIM), which is finishing the development of a standard for having the originating domain digitally sign email messages to make it harder to "spoof" the originating address. We've had a group of technical representatives from a number of companies working on the DKIM specification for a couple of years now, and in January the Internet Engineering Task Force (IETF) chartered the DKIM working group. I am one of the co-chairs of the working group, and our goal is to add the input from the IETF participants to what we already have, and come out with an Internet standard that will be widely deployed and will reduce the use of spoofing as a technique for distributing phishing messages and spam.

More details, along with links to the technical documents, are on the DKIM web page, where you can also find the official mailing list if you're interested in participating in the discussion. Meanwhile, here are some of the DKIM and antispam related things coming up in the next several months:

  • Cisco is hosting a DKIM Summit meeting on 13 February in Santa Clara, CA. (Updated with a link at 18:30 EST on 1 Feb.)
  • The Messaging Anti-Abuse Working Group (MAAWG) will have its next meeting on 28 Feb and 1 & 2 March in San Francisco. The public sessions include work against phishing, and on reputation services, which we think will be an important supplement to what DKIM provides.
  • The 65th IETF meeting will be held from 19 to 24 March in Dallas, TX. The first session of the new DKIM working group (actually, the first two sessions) will happen then.
  • The 2006 MIT Spam Conference has been (re-)scheduled for 28 March. This is a less-formal technical/academic conference, which has had some interesting papers in its past few years.
  • The Anti-Phishing Working Group (APWG) will have its next meeting in Chicago on 18 April.
  • To coincide with the APWG meeting, the second annual Email Authentication Summit will be in Chicago the following day, 19 April.
  • The World Wide Web Conference, WWW2006, will be held in Edinburgh, Scotland, from 23 to 26 May. On that Tuesday (23 May), there will be a workshop on Internet crime, which will discuss, among other things, phishing and some of ways to attack it, including anti-spoofing techniques. It's possible that there will be a DKIM presentation there.
  • This year's Inbox conference will be held on 31 May and 1 June in San Jose, CA. It's likely that there will be something on DKIM there.
  • The 66th IETF meeting will be 9-14 July, in an as-yet-undisclosed location. More DKIM working group meetings there. If we're on schedule, the base specifications (for signing and verification) should be final by then, and we'll be spending the second half of the year working on the "signing policy" issues and documentation.
  • The third annual Conference on Email and Anti-Spam will be held in Mountain View, CA, on 27 and 28 July. I'm on the program committee for that conference, and I encourage anyone with some good antispam work to present to check out the Call for Papers, and give me more work to do.

That's just through July, and there's a lot going on. It's going to be a busy year.

No comments: