What is DKIM and how is it implemented?
- DomainKeys Identified Mail (DKIM) is an email security system aimed at preventing spoofed emails.
- It works by validating the identity of the domain name associated with the email through cryptographic authentication.
DomainKeys Identified Mail (DKIM) is an email security system that detects email spoofing and ensures the integrity of emails. It works by validating the identity of the domain name associated with the email through cryptographic authentication.
What is email spoofing?
Scammers often send emails by altering the sender's name and address to make it appear to be coming from a trusted contact. This technique is used to mislead victims into believing the email is legitimate.
How does DKIM detect email spoofing?
- Step I: Signing process - The sender decides which elements of the email should be included in the signing process. These elements must remain unchanged; otherwise, DKIM authentication will fail for the forwarded email.
- Step II: Encryption process - Here, readable text is converted into a unique textual string (a hash) through cryptography. The hash string is encrypted using a private key, which is assigned to a unique combination of domain and selector. This allows users to create multiple private keys for the same domain. The email is sent after encryption, and only the sender has access to the private key.
- Step III: Validation process - Upon receiving the emails, the mailbox provider runs a DNS query to find the public key for that domain/selector combination. This public key is unique and the only match for the private key assigned in the email. Also known as the keypair match, this enables the email provider to decrypt the DKIM signature back to the original hash string.
What does this prove?
Comparing the hash generated by DKIM with the decrypted hash from the DKIM signature, we know if:
a) The DKIM domain really does own the email;
b) Elements of the email signed by DKIM were changed.
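The three steps and the final hash comparison, as an added Python example that is not part of the original article. The domain example.com, the selector s1, the dict standing in for DNS and the toy textbook-RSA key are constructed assumptions; real DKIM (RFC 6376) uses a vetted crypto library, base64-encodes b= and also covers the DKIM-Signature header itself.

```python
import base64
import hashlib

# Constructed toy key (textbook RSA on two Mersenne primes). NOT secure: real
# DKIM uses properly generated RSA or Ed25519 keys through a crypto library.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

# Stand-in for DNS: the public key is published at <selector>._domainkey.<domain>.
DNS = {"s1._domainkey.example.com": (N, E)}

def b64_sha256(data: bytes) -> str:
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def canon_body(body: bytes) -> bytes:
    # "simple" body canonicalization: ignore trailing empty lines, end with one CRLF.
    return body.rstrip(b"\r\n") + b"\r\n"

def header_hash(headers: dict, names: list, fields: str) -> int:
    # Hash only the headers the sender chose to sign (Step I) plus the signature tags.
    text = "".join(f"{n}:{headers.get(n, '')}\r\n" for n in names) + fields
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big")

def sign(headers, body, domain, selector, names) -> str:
    # Step II: the body hash goes into bh=, then the header hash is signed with the
    # private key. b= is hex here for brevity; real DKIM base64-encodes it.
    signed = ":".join(names)
    fields = f"d={domain}; s={selector}; h={signed}; bh={b64_sha256(canon_body(body))}"
    return f"{fields}; b={pow(header_hash(headers, names, fields), D, N):x}"

def verify(headers, body, dkim_value) -> str:
    # Step III: fetch the public key for the selector/domain pair, then compare hashes.
    tags = dict(t.strip().split("=", 1) for t in dkim_value.split(";"))
    key = DNS.get(f"{tags['s']}._domainkey.{tags['d']}")
    if key is None:
        return "fail: no public key in DNS"
    if tags["bh"] != b64_sha256(canon_body(body)):
        return "fail: body changed"
    n, e = key
    fields = dkim_value.rsplit("; b=", 1)[0]
    expected = header_hash(headers, tags["h"].split(":"), fields)
    if pow(int(tags["b"], 16), e, n) != expected:
        return "fail: signed headers changed or wrong key"
    return "pass"

# Constructed sample message.
HDRS = {"from": "alice@example.com", "subject": "Invoice"}
BODY = b"Please see attached.\r\n"
SIG = sign(HDRS, BODY, "example.com", "s1", ["from", "subject"])
```

Headers that were not listed in h= can be added in transit without breaking the result, which is why the choice of signed elements in Step I matters.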
Benefits of DKIM
Even though DKIM is difficult to implement, it guarantees that the domain visible to the end user is the same as the domains validated by security systems, thereby ensuring email authentication. It also helps mailbox providers detect which emails should be held to the DKIM authentication standard and which shouldn’t.