What is DKIM | How DKIM Works | Prevention From Email Spoofing
DKIM (DomainKeys Identified Mail) is an email authentication technique that allows the receiver to check whether an email was indeed sent and authorized by the owner of the sending domain. It is an email security system that detects email spoofing and ensures the integrity of emails.
A digital signature is added to the email. The DKIM signature is a header included in the message, and the whole scheme rests on cryptographic authentication.
History of DKIM
DKIM was formed in 2004 by merging two existing specifications: DomainKeys (created by Yahoo) and Identified Internet Mail (from Cisco).
It developed into a new, widely adopted authentication technique, which was also registered as an RFC by the IETF. All dominant ISPs (such as Google, Microsoft, and Yahoo) check incoming mail for DKIM signatures.
Before looking at how DKIM works, let's cover email spoofing.
What is Email Spoofing?
The word spoof means falsify. Email spoofing is the technique of sending email messages with a forged sender name and address so that they appear to come from a trusted source. This technique is usually used in phishing and spam campaigns.
How Does DKIM Prevent Email Spoofing?
First, the sender decides which elements of the message to include in the signing process. These can be the headers and the body, or just one or more parts of the email header. Whatever is included in the DKIM signing process must remain unchanged; otherwise the DKIM signature will fail authentication when the email is forwarded.
Next, the signature is created. The selected parts of the email are converted into a unique string known as a hash, and the hash is encrypted with a private key. This private key is assigned to a unique combination of domain and selector, which allows a sender to create multiple private keys for the same domain. The private key is accessible only to the sender, and the email is sent once this step is complete.
When the receiver sees that an email has a DKIM signature, the mailbox provider runs a DNS query to get the public key for that domain/selector combination. The public key is the only match for the private key used to sign the email (a “keypair match”), which enables the email provider to decrypt the DKIM signature back to the original hash string. The provider then computes its own hash of the same signed parts and compares the two; if they match, the signed parts have not been altered.
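The key lookup and the "must remain unchanged" rule from the steps above, shown for the message body. This is an added example, not code from the original article; the tag names (d, s, a, c, h, bh, b) follow RFC 6376, while the domain, selector and message text are constructed. The RSA check of the signature itself (b=) needs a crypto library and is not shown.

```python
import base64
import hashlib
import re

def parse_tags(value: str) -> dict:
    """Split a DKIM-Signature value ("v=1; a=rsa-sha256; ...") into its tags."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            # Folding whitespace inside a tag value is not significant.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def key_record_name(tags: dict) -> str:
    """DNS TXT name the receiver queries for the public key (selector + domain)."""
    return f"{tags['s']}._domainkey.{tags['d']}"

def body_hash(body: bytes) -> str:
    """SHA-256 of the 'simple'-canonicalized body, base64 encoded as in bh=."""
    while body.endswith(b"\r\n"):  # trailing empty lines are ignored
        body = body[:-2]
    return base64.b64encode(hashlib.sha256(body + b"\r\n").digest()).decode()

def body_unchanged(header_value: str, body: bytes) -> bool:
    """Receiver side: recompute the body hash and compare it with the signed bh=."""
    tags = parse_tags(header_value)
    canon = tags.get("c", "simple/simple")
    body_canon = canon.split("/")[1] if "/" in canon else "simple"
    if tags.get("a") != "rsa-sha256" or body_canon != "simple":
        raise ValueError("example handles only rsa-sha256 with simple body canonicalization")
    return tags.get("bh") == body_hash(body)

# Constructed sample message; domain, selector and text are made up.
BODY = b"Your invoice is attached.\r\nRegards,\r\nBilling\r\n"
# Sender side: the body hash goes into the header. b= would hold the RSA
# signature; it is a placeholder here because this example does not sign.
HEADER = ("v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=mail2024;\r\n"
          "\th=from:to:subject; bh=" + body_hash(BODY) + "; b=PLACEHOLDER")

if __name__ == "__main__":
    print(key_record_name(parse_tags(HEADER)))
    print("as sent:        ", body_unchanged(HEADER, BODY))
    print("blank lines:    ", body_unchanged(HEADER, BODY + b"\r\n\r\n"))
    print("footer appended:", body_unchanged(HEADER, BODY + b"-- \r\nSent via list\r\n"))
```

A footer appended by a forwarder or mailing list changes the body hash, which is why such messages fail DKIM even though the original sender signed them correctly.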
Why Is It Important?
Once DKIM signatures are validated, an email provider can use information about the signer as part of a program to limit spam, spoofing, and phishing, although DKIM itself does not tell receivers to take any specific action. The issue with DKIM is that it is difficult to implement, but it is a good way to prevent email spoofing.