punctuation 0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z (all)
©1996-2009 2009-01-24 Roedy Green, Canadian Mind Products
DKIM uses DNS-based self-certified keys. Because the scope of DKIM is limited, it does not need generalized, powerful, expensive, long-term certificates, issued by separate certificate authorities. The sender generates private/public key pair for the domain as if for SSL. The sender broadcasts the public key to the Internet at large by registering it as a phony sub DNS name.
DKIM-signed messages don’t require the recipient to implement the signing protocol. Checking incoming mail is optional. It is implemented with an extra line in the header of the message of type DKIM-Signature that is usually ignored.
You might think the spammer could successfully spoof a domain simply by leaving the DKIM-Signature header off. But once the recipient knows that a domain supports DKIM, ever after he rejects all unsigned mail purporting to be from that domain. The spammer has to counterfeit a domain that does not sign with DKIM. That domain then becomes suspect, which encourages them to implement DKIM. If all goes well, everyone will eventually support DKIM, leaving the spammers no reputable domain to spoof.
 |
You can get the freshest copy of this page from: | or possibly from your local J: drive (Java virtual drive/mindprod.com website mirror) |
| http://mindprod.com/jgloss/dkim.html | J:\mindprod\jgloss\dkim.html | |
 |  Please email your feedback for publication, errors, omissions, typos, formatting errors, ambiguities, unclear wording, broken/redirected link reports, suggestions to improve this page or comments to
Roedy Green :
 | |
| Canadian Mind Products | ||
| mindprod.com IP:[65.110.21.43] | ||
| view Blog | Your face IP:[38.107.191.101] | |
| Feedback | You are visitor number 11. | |