Email Security Blog

DMARC Deployment Tips & Tricks: Domain Keys and DKIM

Danielle Tristao September 16, 2014 DMARC
Fallback Featured Image

This is the second in a new ongoing series for us that gives you the tips and tricks you need for successful DMARC deployment . Read the previous tip here

What are the differences between DomainKeys (DK) and DKIM? 

DomainKeys Identified Mail (DKIM) is the successor to Yahoo DomainKeys. Both share similarities, however DKIM has the additional aspects of Cisco’s Identified Internet Mail standard (IIM). The enhancements to this standard gives more security and flexibility then DomainKeys alone. Some of the main DKIM positives are the following:

  • Allows for multiple signature algorithms (DK only allows one)
  • Has more options which would allow you to validate both header and body.
  • Allows third parties to sign.
  • Allows self-sign the DKIM-Signature header field (helps protect against modification)
  • Gives you the option to use wildcard on some parameters.
  • Supports signature timeouts in DNS.

From DKIM.org

DKIM attaches a new domain name identifier to a message and uses cryptographic techniques to validate authorization for its presence. The identifier is independent of any other identifier in the message, such in the author’s From: field.

The first version synthesized and enhanced Yahoo!’s DomanKeys and Cisco’s Identified Internet Mail specifications. It was the result of a year-long collaboration among numerous industry players, during 2005, to develop an open-standard e-mail authentication specification. Participants included Alt-N Technologies, AOL, Brandenburg InternetWorking, Cisco, EarthLink, IBM, Microsoft, PGP Corporation, Sendmail, StrongMail Systems, Tumbleweed, VeriSign and Yahoo!. The team produced the initial specification and several implementations. It then submitted the work to the IETF for further enhancement and formal standardization.

Leave a Reply

Your email will not be published. All fields are required.

Agari Blog Image

April 17, 2019 Fareed Bukhari

The Time is Now: Underscoring the Importance of DMARC for State and Local Governments

Scammers know that impersonating a trusted government agency is an extremely effective way to trick…

Agari Blog Image

February 26, 2019 Armen Najarian

Retail Trails Other Sectors in Adopting DMARC for Phishing Prevention

Recent research by the Agari Cyber Intelligence Division finds that the retail industry is dead…

Person Looking at DMARC Protected Email

February 19, 2019 Fareed Bukhari

DMARC Adoption Up, But 85% of Fortune 500 Remains Vulnerable to Brand Hijacking

Adoption of Domain-based Message Authentication, Reporting, and Conformance (DMARC) has seen modest growth in recent…

Agari Blog Image

October 16, 2018 Fareed Bukhari

One Year Later: Federal Mandate for Email Authentication Huge Success

Responding to BOD 18-01, agencies rally to complete the fastest sector-wide adoption of DMARC One…

Agari Blog Image

October 16, 2018 Patrick Peterson

DMARC: A 12-Month Triumph for DHS—and the Nation

Today is the deadline set by the Department of Homeland Security for all executive branch…

mobile image