What is DomainKeys Identified Mail (DKIM)?
DomainKeys Identified Mail (DKIM) is used for e-mail authentication. Its aim is to detect whether emails really come from the domain they claim to come from. DomainKeys is a rapidly emerging Internet standard mainly used by Yahoo Mail as well as Gmail. Yahoo has even acquired the patents for DomainKeys. Compared to the normal method of email authentication, DomainKeys offers almost end-to-end integrity from a signing Mail Transfer Agent (MTA) to a verifying MTA. The basic working of DomainKeys can be summarized as follows:
The signing MTA inserts a header named “DomainKey-Signature” that contains a digital signature of the contents of the mail message. The common authentication mechanism uses SHA-1 as the cryptographic hash and RSA as the public key encryption scheme; the encrypted hash is encoded using base64. The signature is then validated by retrieving the sender’s public key through the DNS. That is, the receiving SMTP server uses the name of the domain from which the mail originated, the string _domainkey, and a selector from the header to perform a DNS lookup. The returned data includes the domain’s public key. The receiver can then decrypt the hash value in the header field and at the same time recalculate the hash value for the mail body that was received, from the point immediately following the “DomainKey-Signature” header. If the two values match, this cryptographically verifies that the email originated at the correct domain and has not been tampered with in transit. DomainKeys is independent of Simple Mail Transfer Protocol (SMTP) routing aspects, because it works on the transported mail data itself: the header and message body.
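The signing and verification flow described above, as an added example that is not part of the original article. It assumes a constructed toy RSA key, a dictionary `FAKE_DNS` standing in for the DNS lookup, and no header canonicalization, so the hash simply covers every byte after the DomainKey-Signature line.

```python
import base64, hashlib

# Constructed toy RSA key built from two Mersenne primes: illustration only, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))   # D is the signing MTA's private exponent
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")  # DigestInfo header for SHA-1

# Stand-in for DNS (assumption): a real TXT record carries the key base64-encoded in a p= tag.
FAKE_DNS = {"mail._domainkey.example.com": (N, E)}

def encode_digest(data: bytes, n: int) -> int:
    """PKCS#1 v1.5 block for SHA-1(data), sized to modulus n, as an integer."""
    k = (n.bit_length() + 7) // 8
    t = SHA1_PREFIX + hashlib.sha1(data).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def sign(signed_part: bytes, domain: str, selector: str) -> bytes:
    """Signing MTA: prepend a DomainKey-Signature header over everything after it."""
    sig = pow(encode_digest(signed_part, N), D, N).to_bytes((N.bit_length() + 7) // 8, "big")
    header = (f"DomainKey-Signature: a=rsa-sha1; q=dns; c=simple; s={selector}; "
              f"d={domain}; b={base64.b64encode(sig).decode()}")
    return header.encode() + b"\r\n" + signed_part

def parse_tags(header: str) -> dict:
    """Split the header value into its tag=value pairs."""
    value = header.split(":", 1)[1]
    return dict(t.strip().split("=", 1) for t in value.split(";") if "=" in t)

def verify(message: bytes) -> bool:
    """Verifying MTA: look up the key by selector and domain, then compare hashes."""
    header, _, signed_part = message.partition(b"\r\n")
    if not header.lower().startswith(b"domainkey-signature:"):
        return False
    tags = parse_tags(header.decode("ascii", "replace"))
    if tags.get("a") != "rsa-sha1" or not {"s", "d", "b"} <= tags.keys():
        return False
    key = FAKE_DNS.get(f"{tags['s']}._domainkey.{tags['d']}")
    if key is None:                      # no key published for this selector/domain
        return False
    n, e = key
    try:
        sig = int.from_bytes(base64.b64decode(tags["b"], validate=True), "big")
    except ValueError:                   # malformed base64 in the b= tag
        return False
    # Recover the signed block with the public key and compare the whole block,
    # not just the trailing hash bytes.
    return sig < n and pow(sig, e, n) == encode_digest(signed_part, n)

# Constructed sample message (headers and body that follow the signature header).
SAMPLE = b"From: alice@example.com\r\nSubject: hello\r\n\r\nConstructed test body.\r\n"
```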
Advantages of DKIM?
- DKIM makes it easier to detect phishing attacks. It also becomes much easier to blacklist or whitelist domains based on the mails they send out.
- Forged e-mail messages can be easily detected and avoided by end-user e-mail software (mail user agents), or by ISPs’ MTAs.
Disadvantages of DKIM?
- If the content of a genuine mail gets modified during transit, the signature will no longer be valid and the message may be rejected.
- DKIM requires cryptographic checksums to be generated for each message sent through a mail server, which results in computational overhead not otherwise required for normal e-mail delivery.