This went unnoticed by me for a very long time, but I was going through some of my personal mail and I discovered that Yahoo is now signing its outbound mail with DKIM in addition to DomainKeys.
Longtime readers may remember that about two years ago, I started a series on Sender Authentication and covered DomainKeys but never got around to finishing up DKIM. I’m bad that way; I often start blog series, get bored… and don’t finish them (see: Blacklists, Foreign Charsets).
DKIM (DomainKeys Identified Mail) is the successor to DomainKeys. Basically, it works like this: the sender of the mail signs the contents of the mail, including some of the header information, encrypting it with a private key, and inserts the result into an x-header. The receiver retrieves the public key from DNS using information from the x-header, decodes the information, and can then verify that the message did originate from the purported sender. Note that this technology is used to verify the authenticity of the sender; a DKIM failure does not assert that the sender is forged, the way an SPF hard fail does.
Anyhow, digging through my email, Yahoo first started doing this on Feb 20, 2009. Yahoo does not publish SPF records, and for the longest time only did DomainKeys, which is a less flexible precursor to DKIM. Nice to see that, like Gmail, they are finally signing with DKIM. Although, like Gmail, signing with both is kind of redundant.
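To make the receiver's side concrete, here is an added example (not code from the original post) that walks a message carrying both a `DomainKey-Signature` and a `DKIM-Signature` header, derives the DNS name where each public key is published (`selector._domainkey.domain`), and checks the DKIM `bh=` body hash per RFC 6376. The domain `example.com`, the selector `s1024`, and the dummy `b=` values are constructed placeholders; the DNS lookup and the RSA check of `b=` are left out so the code runs offline.

```python
import base64, hashlib, re

def parse_tags(value):
    """Parse a 'tag=value; ...' list, as used in signature headers and DNS key records."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def canon_body(body, mode):
    """RFC 6376 body canonicalization, 'simple' or 'relaxed'; body uses CRLF."""
    lines = body.split("\r\n")
    if mode == "relaxed":  # collapse whitespace runs, strip line-end whitespace
        lines = [re.sub(r"[ \t]+", " ", ln).rstrip(" ") for ln in lines]
    while lines and lines[-1] == "":  # trailing empty lines are ignored
        lines.pop()
    if not lines:
        return b"" if mode == "relaxed" else b"\r\n"
    return ("\r\n".join(lines) + "\r\n").encode()

def check_signatures(raw):
    """Per signature header: DNS name holding the public key, and for DKIM whether
    bh= matches the body (None for DomainKeys, which has no bh= tag)."""
    head, _, body = raw.partition("\r\n\r\n")
    results = []
    for line in re.sub(r"\r\n[ \t]+", " ", head).split("\r\n"):  # unfold headers
        name, _, value = line.partition(":")
        kind = name.strip().lower()
        if kind not in ("dkim-signature", "domainkey-signature"):
            continue
        t = parse_tags(value)
        body_ok = None
        if kind == "dkim-signature":  # assumption: no l= body-length tag present
            mode = (t.get("c", "simple/simple").split("/") + ["simple"])[1]
            digest = hashlib.new(t["a"].split("-")[1], canon_body(body, mode)).digest()
            body_ok = base64.b64encode(digest).decode() == t["bh"]
        results.append({"header": kind, "dns": f"{t['s']}._domainkey.{t['d']}", "body_ok": body_ok})
    return results

# Constructed sample: bh= is computed here so the message is self-consistent.
BODY = "Hello,\r\n\r\nthis is a test.   \r\n\r\n"
BH = base64.b64encode(hashlib.sha256(canon_body(BODY, "relaxed")).digest()).decode()
SAMPLE = ("DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=example.com;\r\n"
          " h=From:To:Subject; b=AAAA\r\n"
          "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=s1024;\r\n"
          f" h=From:To:Subject; bh={BH}; b=AAAA\r\n"
          "From: a@example.com\r\nTo: b@example.net\r\nSubject: test\r\n\r\n" + BODY)

if __name__ == "__main__":
    for r in check_signatures(SAMPLE):
        print(r)
```

A matching `bh=` only shows the body is unchanged; a verifier must still fetch the key record at the derived DNS name and check `b=` over the signed headers before treating the signature as valid.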