Sunday, November 4, 2007

On the internet no one needs to know you're a phish

It was in July of 1993 that the New Yorker magazine published Peter Steiner's "On the internet no one has to know you're a dog" cartoon. The cartoon didn't need to explain what the internet was, and some historians credit the publication date as close to that point in the 1990s when the internet became accepted into the public's consciousness. Much about the internet has changed considerably in 14 years, but the authenticity of an email sender's identity still remains less than certain. Nobody knows this better than those information security personnel who are on the front lines fighting spam and phishing emails.

Presently the problem with spam is that the headers in an email message can be spoofed so that the sender will falsely appear to be from a legitimate domain. Spammers and phishers commonly use botnets, which are essentially networks of compromised home and business computers, to generate this mail traffic. Anti-spam filtering works by text scanning the content of the email's message body and looking for common words and phrases used by spammers in pushing their sexual enhancement products and hot stock tips (those spams that make it through try to scramble, or "munge", the text a little as a foil). Counter-measures begat counter-counter-measures, and the latest is for spammers to embed images containing text to foil the filtering. To counter that tactic, the receiving mail server has to run optical character recognition (OCR) on the image, and that is a very slow and resource-intensive counter-counter-counter-measure.

The best solution would be to utilize public key infrastructure (PKI) by applying to the message body of the email a digital signature made with the sender's private key. The same web of trust that makes Secure Sockets Layer (SSL) encrypted sessions possible on the web would also validate the legitimacy of these public and private keys. Email gateways could effectively eliminate spam by filtering out untrusted email messages without blocking legitimate senders.

This is now a ready-for-prime-time solution because the Internet Engineering Task Force (IETF) has, as of May of this year, made Yahoo and Cisco's implementation of the technology, DomainKeys, the draft standard for digitally signing all internet mail. PKI has been effectively battle tested for more than ten years, and while the spammers and phishers are, if anything, an ingenious and criminally creative lot, DomainKeys promises to finally put the kibosh on most spam.
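A small model of the gateway check described above, added here as an illustration; it is not code from this post and not the DomainKeys wire format. Textbook RSA without padding over a constructed, easily factored demo key stands in for a real signature scheme, and `PUBLISHED_KEYS`, the `.example` domains and all function names are assumptions.

```python
import hashlib

# Constructed demo key built from two Mersenne primes: trivially factorable,
# for illustration only. Textbook RSA without padding, not a real scheme.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, kept by the sending domain

# Hypothetical stand-in for the public keys that sending domains publish.
PUBLISHED_KEYS = {"bank.example": (N, E)}

def digest(body: bytes) -> int:
    return int.from_bytes(hashlib.sha256(body).digest(), "big")

def sign(body: bytes, d: int = D, n: int = N) -> int:
    """Sender side: sign the SHA-256 digest of the message body."""
    return pow(digest(body), d, n)

def gateway_verdict(from_addr: str, body: bytes, signature=None) -> str:
    """Receiver side: trust the From domain only if the body verifies under its key."""
    domain = from_addr.rsplit("@", 1)[-1].lower()
    key = PUBLISHED_KEYS.get(domain)
    if key is None:
        return "untrusted: domain publishes no key"
    if signature is None:
        return "reject: unsigned"
    n, e = key
    if not 0 < signature < n or pow(signature, e, n) != digest(body):
        return "reject: bad signature"
    return "accept"

def demo() -> dict:
    body = b"Your October statement is ready."  # constructed sample message
    # A sender without the domain's private key can only sign with a key of its own.
    p2, q2 = 2**89 - 1, 2**127 - 1
    other_d = pow(E, -1, (p2 - 1) * (q2 - 1))
    return {
        "legitimate": gateway_verdict("alerts@bank.example", body, sign(body)),
        "spoofed_unsigned": gateway_verdict("alerts@bank.example", body),
        "spoofed_wrong_key": gateway_verdict(
            "alerts@bank.example", body, sign(body, other_d, p2 * q2)),
        "body_altered": gateway_verdict(
            "alerts@bank.example", body + b" Click here.", sign(body)),
        "unknown_domain": gateway_verdict("promo@unknown.example", body, sign(body)),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:18} {verdict}")
```

The verdict depends only on whether the body verifies under the key published for the claimed domain, so a forged From header alone earns no trust and no keyword or OCR scanning of the content is involved.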
