Jump to content

DomainKeys Identified Mail

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Davecrocker (talk | contribs) at 16:57, 6 May 2009 (Further tweak Compatibility section). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

DomainKeys Identified Mail (DKIM) is a method for email authentication that allows an organization to take responsibility for a message, in a way that can be validated by a recipient. The organization can be a direct handler of the message, such as the author, the originating sending site or an intermediary along the transit path. It can also be an indirect handler, such as an independent service that is providing assistance to a direct handler. The need for this type of authentication originally arose because spam often has forged content. For example, a spam message may claim in its "From:" header field to be from sender@example.com, when in fact it is not from that address, and the spammer's goal is to convince the recipient to accept and to read the email. Because the email is not actually from the example.com domain, complaining there is not useful. It also becomes difficult for recipients to establish whether to trust or distrust any particular domain, and system administrators may have to deal with complaints about spam that appears to have originated from their systems, but didn't.

DKIM uses public-key cryptography to allow the signer to electronically sign legitimate emails in a way that can be verified by recipients. Prominent email service providers implementing DKIM include Yahoo and Gmail. Any mail from these organizations should carry a DKIM signature.[citation needed]

DKIM also guards against tampering with mail, offering end-to-end integrity from a signing module to a verifying module, such as a Mail transfer agent (MTA). In most cases the signing module acts on behalf of the author organization by inserting a DKIM-Signature header field, and the verifying module on behalf of the receiver organization, validating the signature by retrieving a signer's public key through the DNS.

DKIM is the result of merging DomainKeys and Identified Internet Mail This merged specification has been the basis for an IETF Working Group which has produced a series of standards-track specifications and support documents.

Overview

DKIM is a method of email authentication. Unlike some other methods, it offers end-to-end integrity from a signing module to a verifying module, such as a Mail Transfer Agent (MTA). In most cases the signing module acts on behalf of the sender organization and the verifying module on behalf of the receiver organization. DomainKeys is specified in Historic RFC 4870, which is obsoleted by Standards Track RFC 4871, DomainKeys Identified Mail (DKIM) Signatures.

DKIM is independent of Simple Mail Transfer Protocol (SMTP) routing aspects in that it operates on the RFC 5322 message — that is, the transported mail's header and body — not the SMTP envelope defined in RFC 5321.

Note that DKIM does not directly prevent or disclose abusive behavior; rather, it allows the signer to distinguish their legitimate mail stream. This ability to distinguish legitimate mail from potentially forged mail has benefits for recipients of e-mail as well as senders, and "DKIM awareness" is programmed into some email software.

How it works

DKIM adds a header field named "DKIM-Signature" that contains a digital signature of the contents (headers and body) of the mail message. The default parameters for the authentication mechanism are to use SHA-256 as the cryptographic hash and RSA as the public key encryption scheme, and encode the encrypted hash using Base64.

The receiving SMTP server then uses the name of the domain from which the mail originated, the string "_domainkey", and a selector from the DKIM-Signature field to perform a DNS lookup. The returned data includes the domain's public key. The receiver can use this to then decrypt the hash value in the header field and at the same time recalculate the hash value for the mail message (headers and body) that was received. If the two values match, this cryptographically proves that the mail was signed by the indicated domain and has not been tampered with in transit.

Signature verification failure does not force rejection of the message. Instead, the precise reasons why the authenticity of the message could not be proven should be made available to downstream and upstream processes. Methods for doing so may include sending back an FBL message, or adding an Authentication-Results header to the message as described in RFC 5451.

Development

DomainKeys was designed by Mark Delany of Yahoo! and enhanced through comments from many others, including Russ Nelson of the qmail community, Eric Allman of sendmail, Dave Crocker of Brandenburg InternetWorking, and John R. Levine of the ASRG.

DKIM was initially produced by an informal industry consortium and was then submitted for enhancement and standardization by the IETF DKIM Working Group, chaired by Barry Leiba and Stephen Farrell, with Eric Allman of sendmail, Jon Callas of PGP Corporation, Mark Delany and Miles Libbey of Yahoo!, and Jim Fenton and Michael Thomas of Cisco Systems attributed as primary authors.

DomainKeys is covered by U.S. patent 6,986,049 assigned to Yahoo!. Yahoo! released DomainKeys under a dual license scheme: the traditional corporate-oriented royalty-free, nonexclusive, relicensable patent license which is designed to be friendly to open source and free software implementations, and under GPL 2.0 for the purpose of the DKIM IETF Working Group.

Advantages

The primary advantage of this system for e-mail recipients is:

  • It allows the signing domain to reliably identify a stream of legitiumate email, thereby allowing domain-based blacklists and whitelists to be more effective.[1] This is also likely to make some kinds of phishing attacks easier to detect.

There are some incentives for mail senders to sign outgoing e-mail:

  • It allows a great reduction in abuse desk work for DKIM-enabled domains if e-mail receivers use the DKIM system to identify forged e-mail messages claiming to be from that domain.
  • The domain owner can then focus its abuse team energies on its own users who actually are making inappropriate use of that domain.

Use with spam filtering

Since DKIM is an authentication technology, it does not itself filter or identify spam. However, widespread use of DKIM can prevent spammers from forging the source address of their messages, a technique they commonly employ today. If spammers are forced to show a correct source domain, then other filtering techniques can work more effectively. In particular, the source domain can feed into a reputation system to better identify spam. Conversely, DKIM can make it easier to identify mail that is known not to be spam and need not be filtered. If a receiving system has a whitelist of known good sending domains, either locally maintained or from third party certifiers, it can skip the filtering on signed mail from those domains, and perhaps filter the remaining mail more aggressively.[2]

DKIM can be useful as an anti-phishing technology. Mailers in heavily phished domains can sign their mail to show that it is genuine. Recipients can take the absence of a signature on mail from those domains to be an indication that the mail is probably forged. The best way to determine the set of domains that merit this degree of scrutiny remains an open question; DKIM will likely have an optional feature called ADSP that lets authors that sign all their mail self-identify, but the effectiveness of this approach remains to be tested.[3] [4]

Compatibility

Because it is implemented using DNS records and an optional RFC 5322 header field, DKIM is compatible with the existing e-mail infrastructure. In particular, it is transparent to existing e-mail systems that lack DKIM support.

This design approach also is compatible with other, related services, such as the S/MIME and OpenPGP content-protection standards. DKIM is orthogonal to, and compatible with, the DNSSEC standard and with SPF.

Weaknesses

DKIM signatures do not encompass the message envelope, which holds the return-path and message recipients. A concern for any cryptographic solution would be message replay abuse, which bypasses techniques that currently limit the level of abuse from larger domains. Replay can be inferred by using per-message public keys, tracking the DNS queries for those keys and filtering out the high number of queries due to e-mail being sent to large mailing lists or malicious queries by bad actors. For a comparison of different methods also addressing this problem see e-mail authentication.

Content modification in-transit

One of the problems with DKIM is that if the message is significantly modified en route by a forwarding mechanism such as a list server, then the signature may no longer be valid and, if the domain specifies that all e-mail is signed, the message may be rejected. Also many central antivirus solutions add a footer that the email has been scanned and the date of the virus signature files used in the scan. Some free email servers also add advertisements at the bottom of the emails. (The solution is to whitelist e-mail from known forwarders, or for the forwarder to verify the signature, modify the e-mail, and resign the message with a Sender: header.) Many domains, however, say that only some of their e-mail is signed, and so a missing or broken signature can not always be used to reject e-mail. (The solution is to sign all your e-mail.) If the only modifications en-route involve the addition or modification of headers before the DKIM-Signature: header, the signature should remain valid; also the mechanism includes features that allow certain limited modifications to be made to headers and the message body without invalidating the signature.

Some suggest that this limitation could be addressed by combining DKIM with SPF, because SPF (which breaks when messages are forwarded) is immune to modifications of the e-mail data, and mailing lists typically use their own SMTP error address aka Return-Path. In short, SPF works without problems where DKIM might run into difficulties, and vice versa.

Mailing lists that add or change content also effectively invalidate DKIM signatures. Yahoo! suggested that the mailing list should re-sign the message itself under these circumstances, thus in effect taking responsibility for the message.

Protocol overhead

DKIM requires cryptographic checksums to be generated for each message sent through a mail server, which results in computational overhead not otherwise required for e-mail delivery.

See also

References

  • Domain Keys Identified Mail (DKIM)
  • IETF DKIM working group (started 2006)
  • RFC 4871 - The DKIM Base Specification
  • DKIM Author Domain Signing Practices (ADSP), submitted for RFC publication
  • DKIM Service Overview, submitted for RFC publication
  • Internet Messaging Leaders Work Together to Fight Email Fraud
  • DKIM Software and Services Deployment Reports
  • DKIM-Connector Tool to simplify DKIM deployment
  • DKIM installation for Exim Tutorial for installing DKIM for outbound messages using Exim
  • DomainKeys on cPanel Implementing DomainKeys on a cPanel powered server
  • Domain Keys Identified Mail (DKIM)
  • DKIM signer/verifier drop-in replacement for qmail-queue
  • Domain Keys Identified Mail (DKIM) DNS Record Generator
  • Crocker, Dave (2008), Trust in Email Begins With Authentication (PDF), Messaging Anti-Abuse Working Group {{citation}}: Unknown parameter |month= ignored (help)