We have recently looked at how hackers and spammers can send forged email and then seen how these forged messages can be almost identical to legitimate messages from the purported senders. In fact, we learned that generally all you can trust in an inbound email message is the internet IP address of the server talking to your inbound email server — as this cannot realistically be forged in any way that would still enable you to receive the message.
In our last post in this series, we examined how SPF can be used to help weed out forged email messages based on validating if a message was sent by an approved server by looking at the IP address delivering the email message to you. We found that while SPF can work, it has many significant limitations that cause it to fall far short of being a panacea.
So — besides looking at the sending server IP address — what else can we do to determine of a message was forged?
It turns out that there is another way — through the use of encryption techniques and digital signatures — to have the sender’s servers transparently “sign” a message in a way that you can verify upon receipt. This is called DKIM.
DKIM – Domain Keys Identified Mail: A Simple Explanation
DKIM stands for “Domain Keys Identified Mail” … or, re-writing this more verbosely, “Domain-wide validation Mail Identity through use of cryptographic Keys”. To understand DKIM, we need to back up for a second and look at what we mean by “cryptographic keys” and how that can be used.
Read the rest of this post »