Posted On:DKIM Archives - Emailexplained.com
Domain Key Identification Mail, abbreviated as DKIM, is am email authentication framework which uses public-key cryptography and key server technology to verify the sender and content of an email. The authentication is done using either Mail Transfer Agents or Mail User Agents. It basically allows a sender to associate a domain name with a message, therefore confirming its authenticity.
The process involves digitally signing an e-mail in an additional ‘signature’ field in the header of the message. Using an algorithm, the sending Mail Transfer Agent generates a signature. This is then applied to the signed fields to create a unique string of characters called a ‘hash value’.
As the signature is generated, the public key that was used to generate it is stored at the listed domain. Once the message reaches its recipient, the MTA recovers the signer’s public key through DNS. The MTA then uses this public key to decrypt the hash value in the e-mail’s header and at the calculates the hash value for the message it received. If the two hash values match, the authenticity of the e-mail is confirmed.
DKIM is useful in the prevention of phishing. This is where a culprit uses an e-mail address to impersonate an individual or an organisation to acquire important information such as bank details.