DKIM uses DNS-based self-certified keys. Because the scope of DKIM is limited, it does not need generalized, powerful, expensive, long-term certificates issued by separate certificate authorities. The sender generates a private/public key pair for the domain, as if for SSL (Secure Sockets Layer). The sender then publishes the public key to the Internet at large by registering it in DNS under a phony subdomain name.
DKIM-signed messages don’t require the recipient to implement the signing protocol. Checking incoming mail is optional. Signing is implemented with an extra line in the message header, of type DKIM-Signature, that is usually ignored.
You might think the spammer could successfully spoof a domain simply by leaving the DKIM-Signature header off. But once the recipient knows that a domain supports DKIM, ever after he rejects all unsigned mail purporting to be from that domain. The spammer has to counterfeit a domain that does not sign with DKIM. That domain then becomes suspect, which encourages its owner to implement DKIM. If all goes well, everyone will eventually support DKIM, leaving the spammers no reputable domain to spoof.
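The recipient-side rule described above can be sketched as follows. This is an added example, not code from the original page: the function names, the `KNOWN_SIGNERS` set and the sample messages are assumptions, and it performs no DNS lookup or cryptographic check. It only decides what to do next and which DNS name (`selector._domainkey.domain`, a TXT record) holds the public key.

```python
from email import message_from_string
from email.utils import parseaddr

KNOWN_SIGNERS = frozenset({"example.com"})  # constructed: domains already seen signing

def parse_tags(value):
    """Turn a DKIM-Signature value ("v=1; d=...; s=...") into a dict of tags."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # remove folding whitespace
    return tags

def triage(raw, known_signers=KNOWN_SIGNERS):
    """Return (verdict, dns_name_of_public_key_or_None) for one raw message."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for value in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(value)
        d, s = tags.get("d", "").lower(), tags.get("s", "")
        # Only a signature made by the From domain (or a parent of it) counts.
        if d and s and (from_domain == d or from_domain.endswith("." + d)):
            return "verify", f"{s}._domainkey.{d}"  # TXT record holding the key
    if from_domain in known_signers:
        return "reject", None  # a known DKIM domain never sends unsigned mail
    return "accept-unverified", None

# Constructed sample messages (signature data is a placeholder, not a real one).
SIGNED = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;\r\n"
    "\th=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER\r\n"
    "From: Alice <alice@example.com>\r\nSubject: hi\r\n\r\nbody\r\n"
)
SPOOFED = "From: Alice <alice@example.com>\r\nSubject: hi\r\n\r\nbody\r\n"
UNKNOWN = "From: Bob <bob@example.net>\r\nSubject: hi\r\n\r\nbody\r\n"

if __name__ == "__main__":
    for name, raw in [("signed", SIGNED), ("spoofed", SPOOFED), ("unknown", UNKNOWN)]:
        print(name, triage(raw))
```

A `verify` verdict means the signature still has to be checked against the key published at the returned DNS name; a domain should be added to the known-signers set only after such a check succeeds.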
Please email your feedback for publication, letters to the editor, errors, omissions, typos, formatting errors, ambiguities, unclear wording, broken/redirected link reports, suggestions to improve this page or comments to Roedy Green. If you want your message, your name or email kept confidential, not considered for public posting, please explicitly specify that. Unless you state otherwise, I will treat your message as a letter to the editor that I may or may not publish in the feedback section. After that, it will be too late to retract it. If you disagree with something I said, especially when sending an ad-hominem attack, a rant composed mainly of obscenities or a death threat, please quote the offending passage and cite the web page where you found it, tell me why you think it is wrong, and, if possible, provide some supporting evidence. I can’t very well fix erroneous or ambiguous text if I can’t find it.