Stopping Forged Email 2: DKIM to the RescueMonday, February 23rd, 2015
In our last post in this series, we examined how SPF can be used to help weed out forged email messages by validating if a message was sent from an approved server by looking at the IP address delivering the email message. While SPF can work, it has many significant limitations that cause it to fall far short of being a panacea.
So — besides looking at the sending server IP address — what else can we do to determine if a message was forged?
It turns out that there is another way. By using encryption techniques and digital signatures, the sender’s servers can transparently “sign” a message in a way that you can verify upon receipt. This is called DKIM.
DKIM – Domain Keys Identified Mail: A Simple Explanation
DKIM stands for “Domain Keys Identified Mail.” This stands for “Domain-wide validation Mail Identity through use of cryptographic Keys.” To understand DKIM, we need to pause and look at what we mean by “cryptographic keys” and how they can be used.
Read the rest of this post »