An email authentication standard with broad industry support could be ready within two months, providing e-commerce companies with a new weapon to beat phishing attacks.

Domainkeys Identified Mail (DKIM), a joint effort between Cisco, Yahoo and a number of other vendors may be ready as soon as the end of July, providing some small glitches are ironed out.

"There's still some disagreement over minor points but it should be ready soon," said Eric Allman, CTO of Sendmail, who is working on the project. "The key is breaking down the barriers that existed before, no one company can own this. It's very positive."

At the beginning of June SC first reported the amalgamation of Yahoo's Domainkeys and Cisco's Identified Mail systems. The scheme has received broad industry backing and, once ratified by the Internet Engineering Task Force (IETF), is expected to be adopted widely by e-commerce companies.

Aside from last minute wrangling from the engineers working on the final version of DKIM (things as simple as arguing over a full-stop or a comma has slowed progress), it should be ready soon and, according to Allman, is being welcomed with open arms by e-commerce companies.

But implementation of the system will be costly.

"Installing the new software may take up some time and if your servers are maxed out you may need to purchase a new one. Educating users will cost some money too," said Allman. "But put the cost of that against the cost of phishing scams and ID theft and you realize that it's very much worthwhile."

Allman warned that users should not expect DKIM to be a panacea for ID theft and internet scams. It is, he said, merely a good step in the right direction.

www.sendmail.com