Tuesday, May 20, 2008

DKIM SIMPLIFIED Part 1 of 2

DKIM SIMPLIFIED ( Part 1 – Introduction/Functional understanding)

Hope you guys have a good understanding on the video posted previously. I am also hoping that I had understanding it well so as not to mess it up on a summary write up here. I will do a summary with Introduction, the functional & technical overview.

Introduction

Domain Key Indentified Mail (DKIM) is a signature/cryptography based authentication technology based on Yahoo!s DomanKeys e-mail authentication technology and Cisco’ Identified Mail. DKIM provide recipient of mail a better way of checking the authenticity of the source of the mail. Beside DKIM, there are also Sender Policy Framework (SPF), Sender ID, etc. But SPF and SenderID are path based and DKIM is the main cryptography based authentication method. DKIM used private and public key for verification which is the key different to the other technology. With the usage of private key, it is not possible for spammer or unauthorized personnel to steal the identity of a particular domain. It is important to know that DKIM work on the domain portion and doesn’t verify on who is sending the mail behind the domain.

Functional Overview

It is relatively simple to understand how DKIM work. Taking the below example;
John sent Mary a mail. In the mail, he attached a public key. When Mary received the mail, she would use the public key to verify against the private key. Since it is a private key, only John has it and only if the two key matches each other, then it is proven that the mail had indeed been sent by John. If during transition, the mail has been tamper or if the public key do not match the private key the receiving MTA checking for DKIM signature will discard the mail.

The benefit of deploying DKIM is huge and one important reason that explains the rapid increase of use in DKIM is that it is free! With the increasing number of organizations and companies using DKIM, user are able to see less spam in their inbox as these would be drop before being process by the mail server. These also help improve the performance of the mail server and network traffic. With DKIM, spammer would have a hard time spoofing the identity of a sender domain and the integrity of the mail received is also maintained.

(End Part 1 of 2)

No comments: