DomainKeys and DomainKeys Identified Mail (DKIM)
DomainKeys (DK), and its successor, DomainKeys Identified Mail (DKIM), are similar
technologies which make up one of the
two primary email authentication methods
in use today (the other being SPF/SenderID technology).
Invented by Yahoo, DomainKeys and DomainKeys Identified Mail validate the senders of email in
order to prevent phishing,
and to allow the sender's reputation to affect email delivery by giving reputable senders
easier access to a recipient's inbox, and allowing more aggressive spam filtering/blocking for
disreputable or unknown senders.
The technology also verifies that the contents of the message have
not been altered in transit from the original sender.
History
In 2004, Yahoo first implemented DomainKeys as a way to authenticate
messages sent from its customers,
and to verify the identity of the senders of the email messages that Yahoo received. Google also
implemented DomainKeys on a trial basis around the same time in 2004. DomainKeys was initially
submitted as a standard to the Internet Engineering Task Force ("IETF"), the governing body for
standardizing internet protocols, as RFC 4870. DomainKeys is covered by U.S. Patent 6,986,049, and
has been made available on a royalty-free, nonexclusive, relicensable basis.
At around the same time, Cisco Systems was developing its own standard for email authentication
called Internet Identified Mail ("IIM"). In 2004, Cisco presented its proposed IIM standard at the
Federal Trade Commission Spam Summit, and submitted its Internet Identified Mail draft standard to
the IETF.
In 2005 and 2006, Yahoo and Cisco joined forces and began collaboration on a unified email authentication
standard which combined Yahoo's DomainKeys and Cisco's Internet Identified Mail standards.
Meanwhile, Yahoo and Google continued their use of DomainKeys, increasingly relying upon
DomainKeys for sender authentication for inbound email to determine email delivery.
In May 2007, the combination of Yahoo's DomainKeys and Cisco's Internet Identified Mail --
DomainKeys Identified Mail ("DKIM") -- was officially released as an IETF
"proposed internet standard" in RFC 4871.
Technology
DomainKeys authenticates email messages and their senders: the sender of
an email message creates a digital signature from the entire message's contents and the
private key of an RSA public/private key pair.
The resulting digital signature is included as a special header field in the email message:
    Received: from s4070.ms00.net (s4070.ms00.net [216.39.116.70])
        by mx.someplace.com (Postfix) with ESMTP id 7F0C7F9B7
        for <recipient@someplace.com>; Wed, 28 Nov 2007
    DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=q22005; d=reply.ms00.net;
        b=g0dyPjlsc8ueAAXk1Z3fb49kBsXLriPlThYR3NqvY8c+4s3Cc+YUB+NM3VL2...;
    Received: (from daemon@localhost)
        by s4070.ms00.net (8.8.8/8.8.8) id MAA44037;
        Wed, 28 Nov 2007 12:49:29 -0800 (PST)
The receiver of the message retrieves the sender's public key through a DNS lookup on the sender's
domain ("domain" + "keys" = "DomainKeys"), and uses it to verify that the email message received corresponds to its
signature. If so, the message and sender are deemed authentic, and the sender's reputation can
then be used to determine the message's delivery status. Messages coming from reputable senders
have a higher likelihood of being delivered, while messages coming from disreputable senders
or messages with missing or invalid signatures will have a lower likelihood of being delivered.
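The key lookup described above, as an added example (not Savicom's code and not part of the original page): it parses the DomainKey-Signature header from the sample message and derives the DNS TXT name a receiver queries, which is the selector (s=) and signing domain (d=) joined as selector._domainkey.domain. The function names and validation rules are this example's own assumptions; the signature check itself is not shown because the sample's b= value is truncated on the page.

```python
import re

# Header value copied from the page's sample message. The b= value is truncated
# there ("..."), so it is only parsed here, never verified.
SAMPLE = ("a=rsa-sha1; q=dns; c=nofws;\r\n"
          "\ts=q22005; d=reply.ms00.net;\r\n"
          "\tb=g0dyPjlsc8ueAAXk1Z3fb49kBsXLriPlThYR3NqvY8c+4s3Cc+YUB+NM3VL2...;")

REQUIRED = ("a", "b", "d", "s")  # tags this example cannot proceed without
DNS_LABEL = re.compile(r"^[A-Za-z0-9_]([A-Za-z0-9_-]{0,61}[A-Za-z0-9_])?$")


def parse_tags(value):
    """Unfold the header value and split it into a {tag: value} dict."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)
    tags = {}
    for part in unfolded.split(";"):
        if not part.strip():
            continue
        name, sep, val = part.partition("=")
        name = name.strip().lower()
        if not sep or not name:
            raise ValueError(f"malformed tag: {part!r}")
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        # base64 may be folded across lines, so drop whitespace inside values
        tags[name] = re.sub(r"\s+", "", val)
    return tags


def key_query_name(tags):
    """Return the DNS TXT name that holds the signer's public key."""
    missing = [t for t in REQUIRED if not tags.get(t)]
    if missing:
        raise ValueError(f"missing required tags: {missing}")
    # The page's sample uses q=dns and a=rsa-sha1; anything else is rejected here.
    if tags.get("q") != "dns":
        raise ValueError("unsupported key retrieval method")
    if tags["a"] != "rsa-sha1":
        raise ValueError("unsupported signature algorithm")
    labels = (tags["s"] + "._domainkey." + tags["d"]).lower().split(".")
    # Selector and domain come from the untrusted message: validate before DNS.
    if not all(DNS_LABEL.match(label) for label in labels):
        raise ValueError("invalid selector or domain")
    return ".".join(labels)


if __name__ == "__main__":
    print(key_query_name(parse_tags(SAMPLE)))
```

A receiver would fetch the TXT record at the returned name and use the public key in it to verify b= over the canonicalized message.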
Note that for personalized email messages
in an email campaign, each email message's signature will necessarily
be different. Savicom fully supports uniquely signed individual messages with its
personalized email and dynamic email content features.
Importance
In addition to Google and Yahoo, other ISPs and webmail providers are adopting DomainKeys
and DKIM authentication to verify senders' identity. Increasingly, sender identity and reputation
are being used to affect deliverability, so that the presence of an email authentication
technology like DomainKeys/DKIM is becoming more and more important to ensure
delivery of email messages and to
prevent spam filtering or blocking. In addition to authentication technologies like
DomainKeys and DomainKeys Identified Mail,
it is important to select an email service provider like Savicom which maintains a good
reputation and strong relationships with ISPs and web-based email providers.
Support for DomainKeys is provided in all Savicom Products:
See the complete list of Savicom features and capabilities for
all of Savicom's solutions.