Archive for the 'Standards' Category

DKIM gets IETF approval

Thursday, May 24th, 2007

218948748_36df4c81df_m.jpgA few days ago, Domain Keys Identified Mail or DKIM, was approved by the Internet Engineering Task Force (IETF). DKIM is one of the standards that we use at Boxbe to keep your email safe from phishing attacks and fake emails in general.

What is DKIM?

From Yahoo:

DKIM is an email authentication framework that addresses the widespread issue of email forgery, using cryptography to verify the domain of the sender. It allows email providers to validate an email’s originating domain, making use of blacklists and whitelists more effective. It also makes phishing attacks easier to detect by helping to identify abusive domains.

DKIM is good for the internet and will help detect forged email addresses. However, DKIM alone won’t stop spam originating from non-faked addresses nor will it stop other forms of unwanted email. Email expert Richi Jennings says “At best, they give a partial indication whether a message is spam or not, but their main use is to allow recipients to look up the reputation of the sending domain.”

The UK’s PC Advisor says “To make it work, DKIM now has to be adopted and incorporated by independent software vendors into their email applications and related infrastructures.”

That said, this is a step forward in stopping phishing schemes and other illegal activities that originate from non-authenticated senders and we are happy to see the DKIM standard approved and hopefully more widely adopted.

More about DKIM

DKIM Workgroup
DKIM FAQ
Yahoo! Anecdotal

More discussion of the standard approval

Promising antispam technique gets nod – CNET News
IETF backs new cryptographic scheme to battle the effects of spam – Ars Technica
Junked: Is this the end of spam and spoof email? – Silicon.com
Bye Bye Spam and Phishing with DKIM? – Slashdot.org
New Spec Could Cut Phishing, Spam – Dark Reading
IETF approves DKIM to fight spam and phishing – A Canadian Geek
Why DKIM will fail – Spin on Cue
Promising new anti-spam techique gains key approval – Geeks Are Sexy

photo from Flickr user lordcuauhtli

FAQ – Non-approved senders

Thursday, March 1st, 2007

By now, you know how the Boxbe system works. Sign up for a protected email address and only people that pay, prove they are human or you pre-approve get through to you. But what does it look like to the sender?

Pre-Approval

Setting up your pre-approval list is important to ensure people that you know and trust can still email you. The easiest way to do this is to upload your address book. We’ve made uploading your address book easy.

boxbe_add_friends.jpg

Non-Approved Senders

When you receive an email from someone you don’t know, an email is sent to the sender.

The email says the following:

Delivery Status Notification (Failure)

The message you sent to randy@boxbe.com was not delivered.

randy@boxbe.com uses Boxbe to limit inbox access. You
are not pre-approved to deliver from randy_stewart@yahoo.com
and your message has been placed in a quarantine.

To complete delivery
——————–

Authenticate your message (click on link):
https://www.boxbe.com/crs/test?sender=sendersemail%40yahoo.com
&recipient=randy&40boxbe.com&qmlid=100100410780111986
&subject=Hi%20there

Pay a refundable(*) fee of USD $0.15 (click on link):
https://www.boxbe.com/ama/post_payment?sender=sendersemail%
40yahoo.com&recipient=randy%40boxbe.com
&qmlid=100100410780111986&subject=Hi%20there

(*) randy@boxbe.com has the choice to grant a refund.

About Boxbe
———–
Boxbe is a communications marketplace built on top of today’s
email. By using a price as a screen and letting you share your
interests, Boxbe helps you get the messages you want and
avoid the ones you don’t. Friends continue to reach you for free.

Get a cleaner, more useful inbox.
Join Boxbe today! Visit http://www.boxbe.com/

They can take a test to prove they are human or post a bond that you set. If you have allowed senders to take a test, your new friend will get a screen that looks like this:

captcha_screen.jpg

[Click for full size image]

If not, they will be required to join and post the bond you have set.

boxbe_payment.jpg

[Click for full size image]

Setting the bond low will ensure that people won’t mind risking a few cents. This will, however, deter emails that you aren’t likely to want.