DomainKeys Identified Mail (DKIM): Using digital signatures for domain verification

Abstract

Email protocols were designed to be flexible and forgiving, designed in a day when Internet usage was a cooperative thing. A side effect of that is that they were not designed to provide protection against falsification of a message's address of origin, referred to today as "spoofing". DomainKeys Identified Mail (DKIM) defines a mechanism for using digital signatures on email at the domain level, allowing the receiving domain to confirm that mail came from the domain it claims to. In conjunction with the forthcoming DKIM sender signing practices specification, the receiving domain may also have more information for deciding how to treat mail without a valid signature. The use of DKIM signatures and signing practices gives sending domains one tool to help recipients identify legitimate messages from their domain, and a reliable identifier that can be used to combat spam and phishing.