Email Authentication Will Help Fight Fraud and Spam

As a cryptographic-based technology, DomainKeys inserts a signature into every message, to allow receivers to verify the original sender of the message and guarantee that the message content has not been changed in transit. Sendmail's initial tests were designed to establish the impact of this approach on email server throughput. This test is the first in a series being conducted as part of the Sendmail Messaging Integrity Pilot Program, the goal of which is to accelerate testing, standardization and deployment of sender authentication technology on the Internet. As part of the program, Sendmail is also evaluating the survivability, end-user experience, deployability and security of the mainstream sender authentication schemes.

The test focused on the DomainKeys mail filter, the first implementation of the DomainKeys specification available on the Internet. The DomainKeys mail filter, also known as dk-milter, was developed by Sendmail and released as open source earlier this year. It plugs directly into both the open source sendmail MTA and commercial Sendmail solutions.

Designed and executed by Sendmail's Professional Services, the test found that performance impact was well within expected norms, with an approximate CPU overhead of 7.8% on outbound traffic and 15.2% on inbound traffic. These initial results have shown that the cryptographic technology used in DomainKeys offers a tenfold performance increase over typical milter-based spam filters. On a properly tuned Linux server, it was demonstrated that the open source sendmail MTA and the DomainKeys milter could deliver well over one hundred messages per second. This pace far outstrips the throughput of most common spam detection engines and shows that authentication should not cause a noticeable bottleneck for mail delivery.

"If email authentication technology is to be widely adopted, it must have minimal impact on productivity and system performance," said Eric Allman, CTO at Sendmail. "These are impressive results for early code. They suggest that DomainKeys will be more efficient than current methods of filtering and evaluating all messages."

Full details of the DomainKeys mail filter performance test, including system tuning parameters, test network configuration and links to all open source code are available from the dk-milter page at http://sendmail.ne … /dk-milter/. More information on the Sendmail Messaging Integrity Pilot Program, and other email authentication resources, is available at http://sendmail.net/.

About the Messaging Integrity Pilot Program

Sendmail is actively seeking participants to test the next generation in anti-fraud and anti-spam technologies as a part of Sendmail's Messaging Integrity Pilot Program. Testing will involve assessing the compatibility of various sender authentication protocols with existing email infrastructure elements such as MTAs, forwarding services, and mail user clients.

The goal is to test authentication with as many of the commonly used packages as possible to identify potential issues in the sender-recipient path that could prevent successful authentication of messages. This testing will validate that these new technologies really work in a complex network systems environment such as the Internet. These technologies can be adopted easily and senders and recipients can be secure in the knowledge that the infrastructure that they depend upon is ready for sender authentication. For more information on the Messaging Integrity Pilot Program, visit http://www.sendmail.net.

Source: Sendmail Inc.