Instead of money saving deals, e-mailed coupons could lead recipients into “phishing” schemes where the consumer is redirected to a copycat site, whose real purpose is to siphon the user’s credit card information, passwords and other financial data, IBM Corp. security executive Christopher Rouland warned.

If you are a Boxbe member and have approved email from say Amazon.com, messages from a an address that claims to be from Amazon, but really aren’t, won’t make it through to your inbox.

Boxbe uses two email authentication methods (DKIM and SPF) to verify that the emailer is who they claim to be. DKIM and SPF are two email authentication standards backed by Google, Microsoft, Yahoo!, and AOL. Boxbe blocks messages that come from senders who claim to be someone that they are not

Be safe out there this holiday season and let us worry about your email.
Read

image from Flickr user skrewtape.

What is DKIM?

From Yahoo:

DKIM is an email authentication framework that addresses the widespread issue of email forgery, using cryptography to verify the domain of the sender. It allows email providers to validate an email’s originating domain, making use of blacklists and whitelists more effective. It also makes phishing attacks easier to detect by helping to identify abusive domains.

DKIM is good for the internet and will help detect forged email addresses. However, DKIM alone won’t stop spam originating from non-faked addresses nor will it stop other forms of unwanted email. Email expert Richi Jennings says “At best, they give a partial indication whether a message is spam or not, but their main use is to allow recipients to look up the reputation of the sending domain.”

The UK’s PC Advisor says “To make it work, DKIM now has to be adopted and incorporated by independent software vendors into their email applications and related infrastructures.”

That said, this is a step forward in stopping phishing schemes and other illegal activities that originate from non-authenticated senders and we are happy to see the DKIM standard approved and hopefully more widely adopted.

More about DKIM

DKIM Workgroup
DKIM FAQ
Yahoo! Anecdotal

More discussion of the standard approval

Promising antispam technique gets nod – CNET News
IETF backs new cryptographic scheme to battle the effects of spam – Ars Technica
Junked: Is this the end of spam and spoof email? – Silicon.com
Bye Bye Spam and Phishing with DKIM? – Slashdot.org
New Spec Could Cut Phishing, Spam – Dark Reading
IETF approves DKIM to fight spam and phishing – A Canadian Geek
Why DKIM will fail – Spin on Cue
Promising new anti-spam techique gains key approval – Geeks Are Sexy

photo from Flickr user lordcuauhtli

Pre-Approval

Setting up your pre-approval list is important to ensure people that you know and trust can still email you. The easiest way to do this is to upload your address book. We’ve made uploading your address book easy.

Non-Approved Senders

When you receive an email from someone you don’t know, an email is sent to the sender.

The email says the following:

Delivery Status Notification (Failure)

The message you sent to randy@boxbe.com was not delivered.

randy@boxbe.com uses Boxbe to limit inbox access. You
are not pre-approved to deliver from randy_stewart@yahoo.com
and your message has been placed in a quarantine.

To complete delivery
——————–

Authenticate your message (click on link):
https://www.boxbe.com/crs/test?sender=sendersemail%40yahoo.com
&recipient=randy&40boxbe.com&qmlid=100100410780111986
&subject=Hi%20there

Pay a refundable(*) fee of USD $0.15 (click on link):
https://www.boxbe.com/ama/post_payment?sender=sendersemail%
40yahoo.com&recipient=randy%40boxbe.com
&qmlid=100100410780111986&subject=Hi%20there

(*) randy@boxbe.com has the choice to grant a refund.

About Boxbe
———–
Boxbe is a communications marketplace built on top of today’s
email. By using a price as a screen and letting you share your
interests, Boxbe helps you get the messages you want and
avoid the ones you don’t. Friends continue to reach you for free.

Get a cleaner, more useful inbox.
Join Boxbe today! Visit http://www.boxbe.com/

They can take a test to prove they are human or post a bond that you set. If you have allowed senders to take a test, your new friend will get a screen that looks like this:

[Click for full size image]

If not, they will be required to join and post the bond you have set.

[Click for full size image]

Setting the bond low will ensure that people won’t mind risking a few cents. This will, however, deter emails that you aren’t likely to want.