Google Adds Authentication to Google Apps

Friday, February 04, 2011

Bill Gerneglia


Article by Cara Garretson

Recently Google announced in a blog post that it has added authentication capabilities to Google Apps, allowing users to sign outgoing mail messages so they’re less likely to get caught in spam filters.

By implementing DomainKeys Identified Mail (DKIM) at no additional cost to Google Apps users, the company says it is giving email senders a way to validate who they are in a manner that spam filters recognize, therefore ensuring higher message delivery rates to recipients.

“Email authentication is an important mechanism to verify senders’ identities, giving users a tool to recognize potential spam messages,” reads the blog post, penned by Adam Dawes, Google enterprise product manager.

“In addition, many mail systems can display whether a received message is DKIM-verified, which helps spam filters verify and assess the overall reputation of the sender’s domain: messages from untrusted senders are treated more skeptically than those from good senders.”

Effective immediately, Google Apps administrators can enable DKIM signing for outgoing messages by using the Advanced Tools tab in the control panel. As more email vendors support DKIM signing and other authentication technologies, it will become easier to separate good mail messages from bogus ones, Dawes says.

Because spammers can forge the “from” address on email messages, additional steps such as digital signatures are required to verify where a message was sent from. Signed messages include information in the header of the message that recipients can match with the sender’s domain signature to verify the message is coming from the domain it says it is, and to ensure that the information hasn’t been changed en route, says Google.

With DKIM, outbound messages include a digital signature and generate a domain key that Google Apps uses to create encrypted mail headers that are unique to the sender’s domain. The public key is then added to the Domain Name System (DNS) records for that domain, so that recipients can verify the sender of the message by using the public key to decrypt the header, says Google.

The DKIM standard emerged in 2005 as a combination of Yahoo’s DomainKeys and Cisco’s Identified Internet Mail specifications, and has been approved by the Internet Engineering Task Force (IETF) as “a method for validating a domain name identity that is associated with a message through cryptographic authentication,” according to the DKIM.org web site.

Google has been offering DKIM as a sending option for Gmail users since the product launched in 2004, writes Dawes. As for helping verify incoming mail from Gmail accounts, Google in 2008 began working with eBay and PayPal to authenticate their mail with DKIM, and therefore block all unsigned messages that appeared to be coming from those companies addressed to Gmail users.

Google says that because its Apps platform is cloud-based, adding options such as DKIM can be done easily and inexpensively.

“Google Apps is the first major email platform – including on-premises providers – to offer simple DKIM signing at no extra cost,” says Dawes. “Once again, the power of the cloud has made it possible for us to bring this feature to millions of customers quickly and affordably.”

Cross-posted from CIO Zone
