DomainKeys Identified Mail (DKIM)

DomainKeys Identified Mail (DKIM) is used for email authentication. The aim of DomainKeys is to detect whether emails really come from the domain they claim to come from. DomainKeys is a rapidly emerging Internet standard, used mainly by Yahoo Mail as well as Gmail. Yahoo has even acquired the patents (U.S. Patent 6,986,049) for DomainKeys. Compared to the normal method of email authentication, DomainKeys offers almost end-to-end integrity from a signing Mail Transfer Agent (MTA) to a verifying MTA. The basic working of DomainKeys can be summarized as follows:
The signing MTA inserts a header named DomainKey-Signature that contains a digital signature of the contents of the mail message. The common authentication mechanism uses SHA-1 as the cryptographic hash and RSA as the public key encryption scheme; the encrypted hash is encoded using base64. The signature is then validated by retrieving the sender's public key through the DNS. That is, the receiving SMTP server uses the name of the domain from which the mail originated, the string _domainkey, and a selector from the header to perform a DNS lookup. The returned data includes the domain's public key. The receiver can then decrypt the hash value in the header field and, at the same time, recalculate the hash value for the mail body that was received, starting from the point immediately following the DomainKey-Signature header. If the two values match, this cryptographically verifies that the email originated at the correct domain and has not been tampered with in transit. DomainKeys is independent of Simple Mail Transfer Protocol (SMTP) routing aspects: it operates on the transported mail data, that is, the header and message body.
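The sign-and-verify flow described above, as an added Python example that is not code from the original page or from any DomainKeys implementation. It assumes a toy RSA key built from two Mersenne primes, textbook RSA without padding, no canonicalization, and a dictionary standing in for DNS; the selector `mail2006`, the domain `example.com`, and all function names are constructed for illustration.

```python
import base64, hashlib

# Toy RSA key built from two Mersenne primes; far too small for real use.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the signing MTA

# Constructed stand-in for DNS: query name -> public key (modulus, exponent).
DNS = {"mail2006._domainkey.example.com": (N, E)}

def digest(content: bytes) -> int:
    """SHA-1 of the content that follows the signature header, as an integer."""
    return int.from_bytes(hashlib.sha1(content).digest(), "big")

def sign(message: bytes, domain: str, selector: str) -> bytes:
    """Signing MTA: prepend a DomainKey-Signature header to the message."""
    sig = pow(digest(message), D, N)
    b = base64.b64encode(sig.to_bytes((N.bit_length() + 7) // 8, "big")).decode()
    header = f"DomainKey-Signature: a=rsa-sha1; s={selector}; d={domain}; q=dns; b={b}\r\n"
    return header.encode() + message

def parse_tags(header_value: str) -> dict:
    """Split 'a=rsa-sha1; s=sel; ...' into a dict, dropping all whitespace in values."""
    pairs = (item.split("=", 1) for item in header_value.split(";") if "=" in item)
    return {k.strip(): "".join(v.split()) for k, v in pairs}

def query_name(tags: dict) -> str:
    """DNS name the verifier looks up: <selector>._domainkey.<domain>."""
    return f"{tags['s']}._domainkey.{tags['d']}"

def verify(signed: bytes) -> bool:
    """Verifying MTA: fetch the key, recover the signed hash, compare with a fresh one."""
    first_line, _, rest = signed.partition(b"\r\n")
    name, _, value = first_line.decode().partition(":")
    if name.lower() != "domainkey-signature":
        return False  # unsigned message
    tags = parse_tags(value)
    key = DNS.get(query_name(tags)) if {"s", "d", "b"} <= tags.keys() else None
    if key is None:
        return False  # no key published for this selector/domain
    n, e = key
    recovered = pow(int.from_bytes(base64.b64decode(tags["b"]), "big"), e, n)
    return recovered == digest(rest)

SAMPLE = b"From: alice@example.com\r\nSubject: hi\r\n\r\nhello\r\n"  # constructed message
if __name__ == "__main__":
    print(verify(sign(SAMPLE, "example.com", "mail2006")))
```

A changed body fails the hash comparison, and a changed `d=` tag fails the key lookup, so both kinds of tampering are rejected.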
