What is DKIM?

Definition and its use for e-mail security


This article explains how DKIM authentication works, how it helps prevent email fraud, and how various email providers, such as Microsoft 365, implement their own DKIM settings to enhance security.

What is DKIM (DomainKeys Identified Mail)?

DKIM (DomainKeys Identified Mail) is a standard for authenticating mail by its signing domain. Using asymmetric cryptography, it lets the sending mail server sign messages so that their integrity can be checked from signer to recipient: a verification process validates, by means of a digital signature, that an email was issued by the organization that controls the signing domain. A valid signature tells the receiving server that the signing domain vouches for the message and that the signed headers and the body are intact (unaltered in transit).

Like DomainKeys, DKIM specifies how to sign messages with asymmetric cryptography, publishes the public keys in DNS and entrusts the signing to the mail servers. When enabled, DKIM verification happens automatically on the receiving server before the message ever reaches the recipient, so the receiver knows whether the message really originates from the signing domain. Note that a passing signature proves origin and integrity only; it does not by itself prove that the content is harmless.

The differences between DomainKeys and DKIM are that the signer can be different from the author and the sender, that the signature header is itself covered by the signature (it is self-signed: the DKIM-Signature header is included in the hash with its b= tag treated as empty) and that the signature can carry a validity period (the x= expiration tag). DomainKeys has been abandoned by Yahoo in favor of DKIM, which has become the standard (RFC 6376).

Example

The 1024-bit DKIM public key for the yahoo.com domain is published in the TXT record of the “s1024._domainkey.yahoo.com” entry: “k=rsa; t=y; p=MIGADCBiQKBgQD(…)B; n=A 1024 bit key;”. The k= tag gives the key type, p= holds the base64-encoded public key, n= is a free-text note, and t=y flags testing mode, which asks verifiers to treat a failing signature as if the message were unsigned. This key is used to verify the signature in the e-mail, which was generated with the private key installed on the sending server. Example of a signature header present in an email: “DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:Date:From:Subject:To:Message-ID; b=cuXRK(…)vazo=;”. This is the older DomainKeys header format; the DKIM equivalent is a DKIM-Signature header starting with v=1, and current DKIM uses a=rsa-sha256 rather than SHA-1. The s= (selector) and d= (domain) tags tell the verifier which DNS record to fetch (here s1024._domainkey.yahoo.com), h= lists the headers covered by the signature and b= carries the signature itself. A valid signature proves that the message was signed with the key of the yahoo.com domain and that the signed parts were not altered; it does not identify a particular sending server, and it only protects the visible From address against spoofing when DMARC additionally checks that the signing domain aligns with it.

Applications

A correctly signed e-mail from a server using DKIM is less likely to be spam, which gives a positive indication about the message received. However, nothing stops spammers from signing their own mail with their own domain, so a DKIM pass is a statement about who sent the message, not about its content. DKIM is therefore complemented by two other DNS-based standards, SPF and DMARC, which are policies published by the sending domain rather than signatures added to messages:
– SPF: a DNS record that indicates which servers are authorized to send messages on behalf of an organization’s domain.
– DMARC: a DNS policy that checks the consistency (alignment) of the SPF and DKIM results with the domain in the visible From header and tells receivers what to do with mail that fails (none, quarantine or reject). This is what turns DKIM and SPF into a defense against identity theft, phishing and spoofing of the From address, and it makes the signatures of a domain something receivers can rely on.

How to use DKIM

Before the message reaches the recipient, it undergoes a verification process. The inbound mail server reads the DKIM-Signature header, fetches the signer’s public key from the DNS (domain name system) TXT record named by the selector (s=) and domain (d=) tags, recomputes the body hash (bh=) and the hash over the signed headers, and checks the signature value (b=) against that hash with the public key. If everything matches, the message receives a DKIM pass and is delivered to the recipient. A failure does not by itself cause the message to be dropped: the result is recorded (typically in an Authentication-Results header) and the receiver’s DMARC evaluation and spam filtering decide whether to deliver, quarantine or reject the message.
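As an added example (not code from the original page or from Hornetsecurity), the following Python implements both sides of the flow described in the Example section and in the verification steps above: relaxed canonicalization, the bh= body hash, the DKIM-Signature header with its b= tag hashed as empty, signing with a self-contained RSA (PKCS#1 v1.5 over SHA-256, so no third-party library is needed), and verification against a DNS stub. The domain example.com, the selector s1, the message and the DNS record are constructed for the demo; the p= encoding in the stub record is a simplification flagged in the code (real records carry a base64 DER SubjectPublicKeyInfo, which a real verifier decodes with an ASN.1 library), and the key generation is deterministic for reproducibility, not for production use.

```python
import base64, hashlib, random, re

def _probable_prime(n, rng, rounds=16):          # Miller-Rabin; n is always a large odd number here
    r = ((n - 1) & (1 - n)).bit_length() - 1     # n - 1 == d * 2**r with d odd
    d = (n - 1) >> r
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def rsa_keypair(bits=1024, seed=7):               # deterministic demo key; real keys need a CSPRNG
    rng, e, half, primes = random.Random(seed), 65537, bits // 2, []
    while len(primes) < 2:
        c = rng.getrandbits(half) | (1 << (half - 1)) | 1
        if _probable_prime(c, rng) and c not in primes and (c - 1) % e:   # (c-1) % e keeps gcd(e, phi) == 1
            primes.append(c)
    p, q = primes
    n, phi = p * q, (p - 1) * (q - 1)
    return (pow(e, -1, phi), n), (e, n)             # (private, public)

_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")   # DER DigestInfo prefix for SHA-256
def _emsa(digest, k):                             # EMSA-PKCS1-v1_5: 00 01 FF..FF 00 DigestInfo || hash
    return b"\x00\x01" + b"\xff" * (k - len(_DIGESTINFO) - len(digest) - 3) + b"\x00" + _DIGESTINFO + digest
def rsa_sign(priv, digest):
    d, n = priv
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(_emsa(digest, k), "big"), d, n).to_bytes(k, "big")
def rsa_verify(pub, digest, sig):
    e, n = pub
    k = (n.bit_length() + 7) // 8
    return len(sig) == k and pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big") == _emsa(digest, k)

# RFC 6376 "relaxed" canonicalization for headers and body.
def _relaxed_header(name, value):               # lower-case name, unfold, squeeze and trim whitespace
    return name.lower() + ":" + re.sub(r"[ \t]+", " ", value.replace("\r\n", "")).strip() + "\r\n"
def _relaxed_body(body):                        # squeeze whitespace, trim line ends, drop trailing empty lines
    lines = [re.sub(r"[ \t]+", " ", l).rstrip(" \t") for l in body.split("\r\n")]
    return "\r\n".join(lines).rstrip("\r\n") + "\r\n" if any(lines) else ""
def _body_hash(body):                           # value of the bh= tag
    return base64.b64encode(hashlib.sha256(_relaxed_body(body).encode()).digest()).decode()
def _signed_header_blob(headers, names, dkim_value):
    # h= headers, each picked bottom-up (RFC 6376 5.4.2), then the DKIM-Signature header with b= empty, no CRLF
    taken, out = set(), []
    for name in names:
        for i in range(len(headers) - 1, -1, -1):
            if headers[i][0].lower() == name and i not in taken:
                taken.add(i)
                out.append(_relaxed_header(*headers[i]))
                break
    out.append(_relaxed_header("DKIM-Signature", dkim_value)[:-2])
    return "".join(out).encode()

def dkim_sign(headers, body, domain, selector, priv, signed=("from", "to", "subject", "date")):
    value = (f"v=1; a=rsa-sha256; c=relaxed/relaxed; d={domain}; s={selector}; "
             f"h={':'.join(signed)}; bh={_body_hash(body)}; b=")
    digest = hashlib.sha256(_signed_header_blob(headers, signed, value)).digest()
    return ("DKIM-Signature", value + base64.b64encode(rsa_sign(priv, digest)).decode())

def _tags(s):                                   # parse "k=v; k=v" (signature header or key record)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in (t.split("=", 1) for t in s.split(";") if "=" in t)}
def dkim_verify(headers, body, dns_txt):        # dns_txt(name) stands in for a DNS TXT lookup
    sig = next((v for n, v in headers if n.lower() == "dkim-signature"), None)
    if sig is None:
        return "none"
    tags = _tags(sig)
    rec = dns_txt(f"{tags.get('s')}._domainkey.{tags.get('d')}")
    if rec is None or tags.get("a") != "rsa-sha256" or tags.get("c") != "relaxed/relaxed":
        return "permerror"                      # no key under that selector, or a scheme this demo lacks
    raw = base64.b64decode(_tags(rec)["p"])
    pub = (int.from_bytes(raw[-3:], "big"), int.from_bytes(raw[:-3], "big"))
    if _body_hash(body) != tags.get("bh"):      # step 1: body integrity
        return "fail"
    unsigned = re.sub(r"(^|[;\s])b=[^;]*", r"\1b=", sig)     # b= is hashed as an empty tag
    digest = hashlib.sha256(_signed_header_blob(headers, tags["h"].lower().split(":"), unsigned)).digest()
    return "pass" if rsa_verify(pub, digest, base64.b64decode(tags["b"])) else "fail"   # step 2: headers

# Constructed demo: example.com, selector s1 and the message are made up. ASSUMPTION: p= below is the
# raw 128-byte modulus plus 3-byte exponent (no ASN.1 library); real records carry a DER SubjectPublicKeyInfo.
PRIV, PUB = rsa_keypair()
DNS = {"s1._domainkey.example.com": "v=DKIM1; k=rsa; p=" + base64.b64encode(
    PUB[1].to_bytes(128, "big") + PUB[0].to_bytes(3, "big")).decode()}
HEADERS = [("From", "Alice <alice@example.com>"), ("To", "bob@example.net"),
           ("Subject", "Invoice 42"), ("Date", "Mon, 1 Jan 2024 10:00:00 +0000")]
BODY = "Hello Bob,\r\n\r\nPlease find the  invoice attached.\r\n\r\n"

def demo():
    signed = [dkim_sign(HEADERS, BODY, "example.com", "s1", PRIV)] + HEADERS
    forged = [("Subject", "URGENT: pay now") if n == "Subject" else (n, v) for n, v in signed]
    return {"intact": dkim_verify(signed, BODY, DNS.get),
            "body_edited": dkim_verify(signed, BODY.replace("invoice", "wire transfer"), DNS.get),
            "subject_edited": dkim_verify(forged, BODY, DNS.get),
            "unsigned_header_added": dkim_verify([("X-Mailer", "demo")] + signed, BODY, DNS.get)}

if __name__ == "__main__":
    print(demo())
```

Running it shows an intact message passing, an edited body and an edited Subject both failing, and an added unsigned header still passing: only what is listed in h= is protected, which is why the From, Subject and Date headers belong in that list, and why a DKIM pass says nothing about headers the signer did not cover. A lookup that returns no record yields permerror rather than fail, mirroring how real verifiers separate "signature is wrong" from "cannot verify".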

Each email provider generally manages its own DKIM keys and selectors. Microsoft documents the DKIM settings for Microsoft 365 in its own documentation, and our support page provides a guide on how to set up DKIM.


Did you like our contribution to DKIM? Then other articles in our knowledge base might interest you as well! We help you learn more about cybersecurity related topics such as Emotet, Trojans, IT Security, Cryptolocker, Ransomware, Phishing, GoBD, Cyber Kill Chain and Computer Worms.