Search Close
Email Security Blog

DomainKeys, DKIM and DMARC

Tomki Camp May 13th, 2014 DMARC
Fallback Featured Image

By Tomki Camp, Director of  Support & Services

DomainKeys, or DK, was a signing technique implementation which contributed/evolved into DomainKeys Identified Mail, or DKIM. Since development efforts shifted into working on DKIM in 2004, there have been many improvements and far broader adoption of DKIM in email services. All new uses of email signing should use DKIM rather than DK, as the accepted successor technology.

When a sender begins making use of DKIM, their domain’s email messages will have a DKIM-Signature header containing information about how the signing was performed, how long the signature is valid, what domain the signature is for, and a hash of the message’s body and headers which allows the receiving server to check that the message has not been tampered with.

As one of the basic technologies behind the much more recent DMARC efforts, use of DKIM is very important for email senders to employ at the server level. DMARC success can be achieved by having a message pass DKIM, where the signing domain in the DKIM-Signature header matches up with the domain in the message’s From header. Use of DK is actually not relevant to this result, and will not help messages pass DMARC.

An example DKIM-Signature header:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=agari.com; s=s1024;
h=sender:date:from:to:message-id:subject:mime-version:precedence:
content-type:content-transfer-encoding;
bh=3cmdkmUuVXovPzflJz/5SvoymWJCXdNuzZSJ/iFp2QE=;
b=CrvHtImJPDKWucWcLuPRG3ranEQs8oJhtKF=

In this example signature, assume that it verifies as being a valid signature for the message it is from. To also pass DMARC, the email address in the message’s From: header will have needed to be in the domain indicated by the signature’s d= tag: agari.com.

This restriction is called identifier alignment, and provides the visibility connection between the authentication protocol (DKIM in this case) and the sender information that most users see (the From header).

Learn more abut DKIM, SPF & DMARC here

For more details on DKIM specifically and related subjects may be found here

Official resources on DMARC are here

Leave a Reply

Your email will not be published. All fields are required.

October 16, 2018 Fareed Bukhari

One Year Later: Federal Mandate for Email Authentication Huge Success

October 16, 2018 Patrick Peterson

DMARC: A 12-Month Triumph for DHS—and the Nation

August 10, 2018 Patrick Peterson

Half of Federal Agencies Racing to Meet DMARC Active Enforcement Deadline

July 17, 2018 AJ Shipley

5 Big Myths about DMARC, Debunked

July 2, 2018 Armen Najarian

Brand Impersonation Scams Skyrocketing—is DMARC Email Security the Answer?

mobile image