History of Email Authentication
Updated: Feb 7
We all agree that technology is changing the way we look at the world today. Past five decades has helped in shaping our life tremendously. Today we all know that technology is and will be the deciding factor in human mankind. From touching Moon and being ready to visit the Mars technology gives us hopes. However, one such technology which most of us don’t think about but helped humans in so many ways in achieving whatever we are today Email. Email is huge largest deployed application on the Internet and past two decades there has been quite a revolution in Email itself from creating it to exchange messages between people to exchanging messages between countries, indeed email has been quite a revolution. As the need of email increased thus increased concerns of protecting those confidential messages and that’s when scholars started thinking or protecting email. Today we will see some of the most significant approaches taken too secure email.
Few of them we have listed below: -
First SPF draft : In 2003 Meng Weng Wong posted the first draft of Sender Policy Framework (SPF). SPF has been around for a long time now and surely it was first initiative taken and with the help of Microsoft SPF became an important factor for email authentication.
First DKIM draft: DomainKeys Identified Mail was developed to make sure that the authenticity of the message is never altered. SPF was not seen as the complete solution for email authentication because just specifying an owner of a domain to ensure which mail servers they use to send mail was not enough because of the possibility of attacker altering the message which was also one big concern for everyone DKIM was the perfect remedy because of its use of cryptographic hash thereby adding header and creating a digital signature of a message guaranteeing the authenticity of the message. This year PayPal also begins its work with Yahoo on authentication-based model.
As email authentication became crucial more and more organizations started recommending SPF and DKIM for email security.
By 2007 BITS Email Security Group published a paper recommending TLS (Transport Layer Security), SPF and DKIM for email. Meanwhile PayPal and Yahoo introduced blocking based on DomainKeys and SPF going live the same year.
2008 – 2009:
PayPal and BITS started publishing guide for email authentication and to make more and more individuals and organization aware of email security and the need to use SPF and DKIM for email authentication thus resulting companies building business on top of authenticated email model.
Anti-Phishing solutions started being built while email security became more of a concern a need of a proto-DMARC.ORG effort begins, organized by PayPal to create Internet-scale success as published in 2008. Anti-Phishing solutions built on top of proto-DMARC start shipping.
After a lot of initial efforts from PayPal and BITS to make use of SPF and DKIM as an important factor for email security still there was a need for an independent organization thus DMARC.org makes it way focusing on these important protocols and integrating these protocols into one known as DMARC to make email security more improved.
In 2012 First DMARC draft released. dmarcian.com launches to support DMAC. DMARC adoption reaches more than 60% of global consumer inboxes.
BITS publishes “BITS Email Authentication Policy and Deployment Strategy for Financial Services Firms”, recommends DMARC. DMARC.ORG specification work moves to the IETF (Internet Engineering Task Force).
DMARC.org becomes initiative under the Trusted Domain Project, a non-profit and tax-exempt public benefit corporation in State of California.
Journey of DMARC wasn’t easy from developing a first draft of SPF from Meng Weng Wong to getting an independent organization to look after the email security. DMARC is still growing and many businesses big or small are realizing how important is email security in their organization and thereby adopting DMARC as one of their saviors.