DomainKeys Identified Mail
DomainKeys Identified Mail (DKIM) is a method for associating a domain name with an email message, thereby allowing a person, role, or organization to claim some responsibility for the message. The association is set up by means of a digital signature which can be validated by recipients. Responsibility is claimed by a signer, independently of the message's actual authors or recipients, by adding a DKIM-Signature: field to the message's header. The verifier recovers the signer's public key using the DNS, and then verifies that the signature matches the actual message's content.

A DKIM signature can cover other fields of a message's header, such as the From: and Subject: fields, and the message body (or its initial part). The DKIM-Signature field itself is always implicitly covered, and, besides the signature proper, contains other data identified by tags, such as the domain name, the list of covered fields, the signing algorithm, and the method by which text snippets are simplified for signing purposes (canonicalization). Thus, the strength of a DKIM-Signature can be tuned so as to allow those message modifications that are considered "normal". Note that DKIM is not designed to provide end-to-end integrity.

Prominent email service providers implementing DKIM include Yahoo, Gmail, and FastMail.FM. Any mail from these organizations should carry a DKIM signature.

DKIM, as stated on the DKIM homepage, is the result of merging DomainKeys and Identified Internet Mail. This merged specification has been the basis for a series of IETF standards-track specifications and support documents.

Overview

Both modules, signing and verifying, are usually part of a mail transfer agent (MTA). The signing organization can be a direct handler of the message, such as the author, the originating sending site or an intermediary along the transit path; or an indirect handler, such as an independent service that is providing assistance to a direct handler. In most cases, the signing module acts on behalf of the author organization or the originating service provider, by inserting a DKIM-Signature: header field. The verifying module typically acts on behalf of the receiver organization.

The need for this type of validated identification arose because spam often has forged addresses and content. For example, a spam message may claim in its "From:" header field to be from sender@example.com, when it is not from that address, and the spammer's goal is to convince the recipient to accept and to read the email. Because the email is not from the example.com domain, complaining there is not useful. It also becomes difficult for recipients to establish whether to trust or distrust any particular domain, and system administrators may have to deal with complaints about spam that appears to have originated from their systems, but did not.

DKIM is independent of Simple Mail Transfer Protocol (SMTP) routing aspects in that it operates on the RFC 5322 message (the transported mail's header and body), not the SMTP envelope defined in RFC 5321. Hence the DKIM signature survives basic relaying across multiple MTAs.

DKIM allows the signer to distinguish its legitimate mail stream. It does not directly prevent or disclose abusive behavior.
This ability to distinguish legitimate mail from potentially forged mail has benefits for recipients of e-mail as well as senders, and "DKIM awareness" is programmed into some e-mail software.

How it works

The "DKIM-Signature" header field consists of a list of "tag=value" parts. Tags have very short names, usually one or two letters. The most relevant ones are b for the actual digital signature of the contents (headers and body) of the mail message, bh for the body hash, d for the signing domain, and s for the selector. The default parameters for the authentication mechanism are to use SHA-256 as the cryptographic hash and RSA as the public key encryption scheme, and to encode the encrypted hash using Base64.

The receiving SMTP server uses the domain name and the selector to perform a DNS lookup. For example, given the signature

DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=brisbane;
c=relaxed/simple; q=dns/txt; l=1234; t=1117574938; x=1118006938;
h=from:to:subject:date:keywords:keywords;
bh=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=;
b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav+yuU4zGeeruD00lszZ
VoG4ZHRNiYzR

a verifier queries the TXT resource record type of brisbane._domainkey.example.net. Neither CAs nor revocation lists are involved in DKIM key management, and the selector is a straightforward method to allow signers to add and remove keys whenever they wish; long-lasting signatures for archival purposes are outside DKIM's scope. Some more tags are visible in the example: v is the version, a is the signing algorithm, c is the canonicalization algorithm(s) for header and body, q is the default query method, l is the length of the canonicalized part of the body that has been signed, t is the signature timestamp, x is its expire time, and h is the list of signed header fields, repeated for fields that occur multiple times. Note that the DKIM-Signature header field itself is always implicitly included in h.

The data returned from the query is also a list. It includes the domain's public key, along with other key usage tokens and flags. The receiver can use this to then decrypt the hash value in the header field and at the same time recalculate the hash value for the mail message (headers and body) that was received. If the two values match, this cryptographically proves that the mail was signed by the indicated domain and has not been tampered with in transit.
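As an added illustration (not code from the article or from any DKIM implementation), the Python below parses the example header field quoted above into its tags, derives the DNS query name from d= and s=, decodes the base64 tags, checks the t=/x= window, and inspects a key record; the key record is a constructed sample whose p= value is a placeholder, not a real key.

```python
import base64
import re

# Constructed sample: the DKIM-Signature header field quoted in the article,
# as it arrives folded over several lines in a message.
SAMPLE_HEADER = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=brisbane;\r\n"
    "  c=relaxed/simple; q=dns/txt; l=1234; t=1117574938; x=1118006938;\r\n"
    "  h=from:to:subject:date:keywords:keywords;\r\n"
    "  bh=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=;\r\n"
    "  b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav+yuU4zGeeruD00lszZ\r\n"
    "  VoG4ZHRNiYzR"
)
# Constructed sample key record as the TXT lookup might return it (p= is a placeholder).
SAMPLE_TXT_RECORD = "v=DKIM1; k=rsa; p=PLACEHOLDER_PUBLIC_KEY_BASE64"


def parse_tag_list(value: str) -> dict:
    """Parse a DKIM tag=value list (RFC 6376 tag-list grammar) into a dict.
    Folded lines are unfolded first; tags are separated by ';' and whitespace
    around names and values is ignored; a duplicate tag name is an error."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)
    tags = {}
    for part in unfolded.split(";"):
        if not part.strip():
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        name, val = part.split("=", 1)
        name = name.strip()
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        tags[name] = val.strip()
    return tags


def parse_dkim_signature(header: str) -> dict:
    """Split the field name from its value, parse the tags, check the required ones."""
    name, _, value = header.partition(":")
    if name.strip().lower() != "dkim-signature":
        raise ValueError("not a DKIM-Signature header field")
    tags = parse_tag_list(value)
    for required in ("v", "a", "b", "bh", "d", "h", "s"):
        if required not in tags:
            raise ValueError(f"missing required tag: {required}")
    return tags


def signed_headers(tags: dict) -> list:
    """The h= list, lowercased; a repeated name selects repeated header fields."""
    return [h.strip().lower() for h in tags["h"].split(":")]


def key_query_name(tags: dict) -> str:
    """DNS name whose TXT record holds the public key: <selector>._domainkey.<domain>."""
    return f"{tags['s']}._domainkey.{tags['d']}"


def decode_b64_tag(value: str) -> bytes:
    """b= and bh= may contain folding whitespace, which is dropped before decoding."""
    return base64.b64decode(re.sub(r"\s+", "", value))


def key_is_usable(txt_record: str) -> bool:
    """A key record is usable only if its version is DKIM1 (the default) and p= is
    non-empty: an empty p= is how a signer announces that the key was revoked."""
    key = parse_tag_list(txt_record)
    return key.get("v", "DKIM1") == "DKIM1" and bool(key.get("p"))


def signature_is_current(tags: dict, now: int) -> bool:
    """Reject expired signatures; x= must not precede t= when both are present."""
    t = int(tags.get("t", 0))
    x = int(tags["x"]) if "x" in tags else None
    if x is not None and x < t:
        return False
    return x is None or now <= x
```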

Signature verification failure does not force rejection of the message. Instead, the precise reasons why the authenticity of the message could not be proven should be made available to downstream and upstream processes. Methods for doing so may include sending back a feedback loop (FBL) message, or adding an Authentication-Results header to the message as described in RFC 5451.

Development

The original DomainKeys was designed by Mark Delany of Yahoo! and enhanced through comments from many others since 2004. It is specified in Historic RFC 4870, obsoleted by Standards Track RFC 4871, DomainKeys Identified Mail (DKIM) Signatures; both published in May 2007. A number of clarifications and conceptualizations were collected thereafter, and specified in RFC 5672, August 2009, in the form of corrections to the existing specification. In September 2011, RFC 6376 merged and updated the latter two documents, while preserving the substance of the DKIM protocol. Key compatibility with the earlier DomainKeys is also possible.

DKIM was initially produced by an informal industry consortium and was then submitted for enhancement and standardization by the IETF DKIM Working Group, chaired by Barry Leiba and Stephen Farrell, with Eric Allman of sendmail, Jon Callas of PGP Corporation, Mark Delany and Miles Libbey of Yahoo!, and Jim Fenton and Michael Thomas of Cisco Systems attributed as primary authors.

Source code development is led by The OpenDKIM Project, following the most recent protocol additions, and licensing under the New BSD License.

Patent encumbrance

DomainKeys is covered by a patent assigned to Yahoo! Inc. For the purpose of the DKIM IETF Working Group, Yahoo! released the now obsolete DK library under a dual license scheme: the DomainKeys Patent License Agreement v1.2, an unsigned version of which can still be found, and GNU General Public License v2.0 (and no other version).

Advantages

The primary advantage of this system for e-mail recipients is that it allows the signing domain to reliably identify a stream of legitimate email, thereby allowing domain-based blacklists and whitelists to be more effective. This is also likely to make some kinds of phishing attacks easier to detect.

There are some incentives for mail senders to sign outgoing e-mail:
  • It allows a great reduction in abuse desk work for DKIM-enabled domains if e-mail receivers use the DKIM system to identify forged e-mail messages claiming to be from that domain.
  • The domain owner can then focus its abuse team energies on its own users who actually are making inappropriate use of that domain.

Use with spam filtering

DKIM is a method of labeling a message, and it does not itself filter or identify spam. However, widespread use of DKIM can prevent spammers from forging the source address of their messages, a technique they commonly employ today. If spammers are forced to show a correct source domain, other filtering techniques can work more effectively. In particular, the source domain can feed into a reputation system to better identify spam. Conversely, DKIM can make it easier to identify mail that is known not to be spam and need not be filtered. If a receiving system has a whitelist of known good sending domains, either locally maintained or from third party certifiers, it can skip the filtering on signed mail from those domains, and perhaps filter the remaining mail more aggressively.

Anti-Phishing

DKIM can be useful as an anti-phishing technology. Mailers in heavily phished domains can sign their mail to show that it is genuine. Recipients can take the absence of a valid signature on mail from those domains to be an indication that the mail is probably forged. The best way to determine the set of domains that merit this degree of scrutiny remains an open question; DKIM will have an optional feature called ADSP that lets authors that sign all their mail self-identify, but the effectiveness of this approach remains to be tested.

Working with eBay and PayPal, Google has effectively utilized DKIM in GMail in such a way that any e-mail that claims to be coming from ebay.com or paypal.com will not be accepted at all if they cannot be verified successfully with DKIM. Such messages won't even appear in the Spam folder.

Compatibility

Because it is implemented using DNS records and an added RFC 5322 header field, DKIM is compatible with the existing e-mail infrastructure. In particular, it is transparent to existing e-mail systems that lack DKIM support.

This design approach is also compatible with other, related services, such as the S/MIME and OpenPGP content-protection standards. DKIM is orthogonal to, and compatible with, the DNSSEC standard and with SPF.

Protocol overhead

DKIM requires cryptographic checksums to be generated for each message sent through a mail server, which results in computational overhead not otherwise required for e-mail delivery. This additional computational overhead is a hallmark of digital postmarks, making sending bulk spam more (computationally) expensive.

Weaknesses

DKIM signatures do not encompass the message envelope, which holds the return-path and message recipients. Since DKIM does not attempt to protect against mis-addressing, this does not affect its utility. A concern for any cryptographic solution would be message replay abuse, which bypasses techniques that currently limit the level of abuse from larger domains. Replay can be inferred by using per-message public keys, tracking the DNS queries for those keys and filtering out the high number of queries due to e-mail being sent to large mailing lists or malicious queries by bad actors. For a comparison of different methods also addressing this problem see e-mail authentication.

Arbitrary forwarding

As mentioned above, authentication is not the same as abuse prevention: DKIM doesn't prevent a spammer from composing an ad at a reputable domain so as to obtain a signed copy of the message. Using an l tag in a signature makes doctoring such messages even easier. The signed copy can then be forwarded to millions of recipients, e.g. through a botnet, without control. The email provider who signed the message can block the offending user, but cannot stop the diffusion of already signed messages. The validity of signatures in such messages can be limited by always including an expiration time tag in signatures, or by revoking a public key periodically or upon a notification of an incident. Effectiveness of the scenario can be limited by filtering outgoing mail, ensuring that messages potentially useful to spammers are not being signed, or just not sent.

Content modification

DKIM currently features two canonicalization algorithms, simple and relaxed, neither of which is MIME-aware. Mail servers can legitimately convert to a different character set, and often document this with X-MIME-Autoconverted header fields. In addition, servers in certain circumstances have to rewrite the MIME structure, thereby altering the preamble, the epilogue, and entity boundaries, any of which breaks DKIM signatures. Only plain text messages written in us-ascii, provided that MIME header fields are not signed, enjoy the robustness that end-to-end integrity requires.

These problems are exacerbated when filtering or relaying software makes actual changes to a message. Although legitimate, the footer addition performed by most mailing lists and many central antivirus solutions is, formally, exactly the kind of message tampering that DKIM has been designed to guard against. The solution is to whitelist known forwarders, e.g. by SPF. Alternatively, a forwarder can verify the signature, modify the e-mail, and re-sign the message with a Sender: header. However, this solution carries a risk for forwarded third-party signed messages received at SMTP receivers that support the RFC 5617 ADSP protocol. Thus, in practice, the receiving server still has to whitelist known message streams, i.e. by DKIM.

Some suggest that these limitations could be addressed by combining DKIM with SPF, because SPF (which breaks when messages are forwarded) is immune to modifications of the e-mail data, and mailing lists typically use their own SMTP error address, also known as Return-Path. In short, SPF works without problems where DKIM might run into difficulties, and vice versa.
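To make the mailing-list footer problem above and the l tag caveat from the Arbitrary forwarding section concrete, here is an added Python example (not code from the article or from any DKIM implementation) that implements the simple and relaxed body canonicalizations of RFC 6376 and the bh= computation over constructed sample bodies. It shows that whitespace rewriting survives relaxed canonicalization but not simple, that an appended footer changes the body hash, and that an l= tag covering only the original body leaves the footer unsigned yet still verifying, which is why a verifier should report the uncovered tail rather than treat such a message as fully signed.

```python
import base64
import hashlib
import hmac
import re
from typing import Optional


def canonicalize_body_simple(body: bytes) -> bytes:
    """'simple' body canonicalization (RFC 6376 3.4.3): drop empty lines at the
    end of the body and make sure it ends with exactly one CRLF."""
    stripped = body.rstrip(b"\r\n")
    # An empty body, or one made only of empty lines, canonicalizes to a single CRLF.
    return stripped + b"\r\n" if stripped else b"\r\n"


def canonicalize_body_relaxed(body: bytes) -> bytes:
    """'relaxed' body canonicalization (RFC 6376 3.4.4): strip trailing whitespace
    from each line, collapse runs of SP/TAB to one SP, drop empty lines at the end,
    and end a non-empty body with CRLF (an empty body stays empty)."""
    lines = [re.sub(rb"[ \t]+", b" ", ln.rstrip(b" \t")) for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"\r\n".join(lines) + b"\r\n" if lines else b""


CANON = {"simple": canonicalize_body_simple, "relaxed": canonicalize_body_relaxed}


def body_hash(body: bytes, canon: str = "relaxed", length: Optional[int] = None) -> str:
    """bh= value: base64(SHA-256) of the canonicalized body, truncated to l= if given."""
    data = CANON[canon](body)
    if length is not None:
        data = data[:length]
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def body_hash_matches(body: bytes, expected_bh: str, canon: str,
                      length: Optional[int] = None) -> bool:
    """The verifier's body-hash check: recompute bh= over the received body and compare."""
    return hmac.compare_digest(body_hash(body, canon, length), expected_bh)


def unsigned_tail_length(body: bytes, canon: str, length: int) -> int:
    """Bytes of the canonicalized body beyond l=: content the signature says nothing about."""
    return max(0, len(CANON[canon](body)) - length)


# Constructed sample body as signed at the author's MTA.
ORIGINAL = b"Hello,\r\n\r\nPlease  review\tthe attached report.\r\n\r\n"
# The same body after a relay rewrote whitespace (tab to space, trailing blanks added).
REWRAPPED = b"Hello,\r\n\r\nPlease review the attached report.  \r\n"
# The same body after a mailing list appended its footer.
WITH_FOOTER = ORIGINAL + b"-- \r\nList footer: unsubscribe at list.example\r\n"


def demo() -> dict:
    """Run the cases discussed in the article and return the verifier's verdicts."""
    bh_relaxed = body_hash(ORIGINAL, "relaxed")
    bh_simple = body_hash(ORIGINAL, "simple")
    # l= set to the canonical length of the signed body, as a signer using the l tag would.
    l = len(canonicalize_body_relaxed(ORIGINAL))
    bh_with_l = body_hash(ORIGINAL, "relaxed", l)
    return {
        # Whitespace changes survive relaxed canonicalization but not simple.
        "rewrapped_relaxed": body_hash_matches(REWRAPPED, bh_relaxed, "relaxed"),
        "rewrapped_simple": body_hash_matches(REWRAPPED, bh_simple, "simple"),
        # A mailing-list footer breaks the body hash of a fully signed body ...
        "footer_relaxed": body_hash_matches(WITH_FOOTER, bh_relaxed, "relaxed"),
        # ... but with l= the footer is simply outside the signed part and still verifies,
        # so the verifier should surface the size of the uncovered tail.
        "footer_with_l": body_hash_matches(WITH_FOOTER, bh_with_l, "relaxed", l),
        "unsigned_tail": unsigned_tail_length(WITH_FOOTER, "relaxed", l),
    }


if __name__ == "__main__":
    print(demo())
```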

See also

  • E-mail authentication
  • DomainKeys
  • Sender Policy Framework (SPF)
  • Author Domain Signing Practices (ADSP)
  • S/MIME
  • OpenPGP
  • Vouch by Reference


External links


- DKIM Specifications
  • RFC 4686 Analysis of Threats Motivating DomainKeys Identified Mail (DKIM)
  • RFC 4871 DomainKeys Identified Mail (DKIM) Signatures Proposed Standard
  • RFC 5617 DomainKeys Identified Mail (DKIM) Author Domain Signing Practices (ADSP)
  • RFC 5585 DomainKeys Identified Mail (DKIM) Service Overview
  • RFC 5672 RFC 4871 DomainKeys Identified Mail (DKIM) Signatures -- Update
  • RFC 5863 DKIM Development, Deployment, and Operations
  • RFC 6376 DomainKeys Identified Mail (DKIM) Signatures Draft Standard
  • RFC 6377 DomainKeys Identified Mail (DKIM) and Mailing Lists

- DKIM Information and tools
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 