DomainKeys

DomainKeys is an identification protocol for ensuring the authenticity of e-mail senders. It was developed by Yahoo and has been in testing since the end of 2004. It was designed to help curb unwanted e-mail such as spam and phishing.

DomainKeys was originally published in RFC 4870 under the title Domain-Based Email Authentication Using Public Keys Advertised in the DNS (DomainKeys), and was later replaced by RFC 4871 and RFC 6376 under the title DomainKeys Identified Mail (DKIM) Signatures.

Operation

DomainKeys is based on asymmetric encryption. The e-mail is provided with a digital signature, which the receiving server can verify using the public key that is available in the Domain Name System (DNS) of the domain. If verification fails, the receiving mail transfer agent (MTA) or the receiving application program has the opportunity to refuse the e-mail or sort it out.

The essence of the method is that the sending MTA adds to each sent e-mail, in the "DomainKey-Signature" header, a digital signature of the content of the e-mail.

To generate the hash value needed for the signature, DKIM supports the hash functions SHA-1 and SHA-256; use of the latter is recommended. The subsequent encryption of the hash value, which ultimately yields the digital signature, is performed in both cases with the RSA encryption method. So that the signature can be represented in the ASCII character set used in e-mail delivery, it is encoded with Base64.

The receiving MTA first Base64-decodes the digital signature generated in this way and then decrypts it with the public key of the alleged sender domain (e.g. yahoo.com); the hash code of the e-mail is recalculated. If the delivered, decrypted hash code and the self-calculated hash code match, the e-mail really does come from the specified domain. The public key or keys used are published in the DNS record of the sending domain. That is, the DNS functions as a certificate authority. An e-mail signed using DomainKeys thus provides the ability to securely verify whether the domain in the e-mail sender address is correct and that the e-mail has not been altered on the way of delivery.
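The sign and verify steps described above, as an added example that is not part of the original article or of any DomainKeys implementation. It assumes PKCS#1 v1.5 padding with SHA-256, passes the public key directly instead of fetching it from DNS, and omits header selection and canonicalization; the key, the sample message and all function names are constructed for illustration.

```python
import base64
import hashlib

# Constructed demo key built from two well-known Mersenne primes. It is
# trivially factorable and only illustrates the arithmetic; real keys are random.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                              # public modulus: what the domain publishes in DNS
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent: stays with the sending MTA

# DER-encoded DigestInfo prefix for SHA-256 (PKCS#1 v1.5 signatures).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def key_len(n):
    """Length of the modulus in bytes."""
    return (n.bit_length() + 7) // 8


def encode(message, n):
    """Build the padded block 00 01 FF..FF 00 || DigestInfo(SHA-256(message))."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (key_len(n) - len(t) - 3) + b"\x00" + t


def sign(message, n, d):
    """Sending MTA: hash, RSA private-key operation, then Base64 for the header."""
    s = pow(int.from_bytes(encode(message, n), "big"), d, n)
    return base64.b64encode(s.to_bytes(key_len(n), "big")).decode("ascii")


def verify(message, sig_b64, n, e):
    """Receiving MTA: Base64-decode, RSA public-key operation, compare hashes."""
    try:
        s = int.from_bytes(base64.b64decode(sig_b64, validate=True), "big")
    except ValueError:                 # malformed Base64 counts as a failed check
        return False
    if s >= n:
        return False
    # Recompute the full padded block and compare it byte for byte, so that
    # malformed padding is rejected as well as a wrong hash.
    return pow(s, e, n).to_bytes(key_len(n), "big") == encode(message, n)


# Constructed sample message.
MAIL = b"From: alice@example.com\r\nSubject: hello\r\n\r\nHi Bob\r\n"
SIG = sign(MAIL, N, D)
```

Verification succeeds only for the exact signed bytes and the matching public key; any change to the message, the signature or the key makes `verify` return `False`.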

Spam filtering

Since DomainKeys is an authentication mechanism, it is not intended to filter spam. Instead, DomainKeys limits the ability to disguise e-mail addresses, because DomainKeys makes it possible to determine whether an e-mail was actually sent via the specified domain.

This traceability can be used to make rating systems and the filtering techniques of spam filters more effective. In addition, DomainKeys can limit data theft by phishing, since participating mail senders can certify their e-mails as originals. If such certification is absent although the supposed sender claims to certify his e-mails, the e-mail is to be considered a possible forgery.

Licensing

Yahoo has patented the process and submitted it to the IETF for standardization. The method has since been accepted as the standard RFC 4871.

The DomainKeys process can be licensed from Yahoo and used either under the terms of the GPL 2.0 or under the terms of the proprietary Yahoo DomainKeys Patent License Agreement.

After the failure of the standardization of Microsoft's Sender ID, for which no GNU license was envisaged, the DomainKeys procedure is considered to have good chances of establishing itself on the Internet alongside the Sender Policy Framework (SPF).

Support

The DomainKeys method requires major modifications to the mail server; corresponding adaptations currently exist for almost all popular mail transfer agents. Currently, the DomainKeys method is supported by only very few providers; well-known larger providers that use DomainKeys are Yahoo and Gmail.

The problem with this and all other methods of ensuring sender authenticity is that it takes a long time for such a system to spread, since the software first has to be adapted and then still has to be put into use on the mail servers.

Developments

In July 2005, Cisco and Yahoo submitted a joint draft document entitled DomainKeys Identified Mail (DKIM) to the IETF. This proposal has since been supported by other giants of the IT industry, including Microsoft and AOL, and also by those who proposed SPF as an alternative solution. DKIM was published in May 2007 as RFC 4871, replacing the previous draft RFC 4870.
