What is DKIM (DomainKeys Identified Mail)?

DomainKeys Identified Mail, or DKIM for short, is a procedure based on asymmetric encryption and signatures that can be used to ensure the authenticity of the sending domain of an email. Mail servers that support the procedure can detect forged e-mail senders and contain spam or phishing campaigns.

What is DKIM (DomainKeys Identified Mail)?

The abbreviation DKIM stands for DomainKeys Identified Mail. It is a method for verifying the authenticity of the domain information of an email sender address. DKIM uses asymmetric encryption to add a tamper-proof signature in the header of an email. The receiving server can verify the signature and ensure that the sending of the email was authorized by the domain owner and that the content was not altered.

The process generally operates transparently to end-users because signature verification occurs at the server level. DKIM was originally developed by Yahoo and Cisco. Other companies supported the procedure and submitted it for standardization. The authoritative RFCs are RFC 4871, published in 2007, and RFC 6376, published in 2011. DomainKeys Identified Mail can be used to mitigate spam or phishing campaigns.

How DomainKeys Identified Mail works

DomainKeys Identified Mail uses asymmetric encryption with private and public keys. A domain has a private key known only to it and a public key published via the Domain Name System (DNS). The mail server of the sending domain creates a hash value from the content. This hash is encrypted with the domain's private key, that is, digitally signed, and inserted as a signature in the mail's DKIM-Signature header.

The receiving mail server decrypts the signature using the public key it retrieves from DNS and compares the resulting hash value with the hash value it calculated itself from the received message. If both hash values match, the authenticity of the domain is ensured and manipulation of the content is ruled out. Depending on the result of the check, the mail server decides whether to deliver the message, reject it, or subject it to a further check for suspicious content, for example.

For DKIM to function reliably, the mail servers must have corresponding software components that support the DKIM procedure. Suitable software is available for almost all common mail transfer agents (MTAs).

Advantages and disadvantages of DomainKeys Identified Mail

The most important advantage of DomainKeys Identified Mail is that the receiving mail server can establish the authenticity of the signing domain and the unmodified content of the e-mail without any doubt. Domain-based procedures using blacklists and whitelists to contain phishing or spam campaigns thus work much more efficiently. Senders of spam or phishing e-mails can no longer forge arbitrary sender addresses.

However, DomainKeys Identified Mail itself does not detect spam. If email addresses of an authenticated domain are used for sending spam, further measures have to be taken to detect mails with unwanted content.

A disadvantage is that generating and checking signatures requires additional computing power on the sending and receiving mail servers. For servers with a high volume of e-mail, this can become a challenge. For the process to work, the mail transfer agents of the systems involved must be equipped with appropriate software. The required private and public keys must also be generated and made available.