DomainKeys Identified Mail (DKIM)

DomainKeys Identified Mail (DKIM) lets an organization take responsibility for a message that is in transit. The organization is a handler of the message, either as its originator or as an intermediary. Their reputation is the basis for evaluating whether to trust the message for further handling, such as delivery. Technically DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication. The identity is independent of other email identities, such as the author's From: field.

Links:

Signing Specification

•

Products & Services

•

IETF

Introduction

DKIM attaches a new domain name identifier to a message and uses cryptographic techniques to validate authorization for its presence. The identifier is independent of any other identifier in the message, such in the author's From: field.

The first version of DKIM synthesized and enhanced Yahoo!'s DomanKeys and Cisco's Identified Internet Mail specifications. It was the result of a year-long collaboration among numerous industry players, during 2005, to develop an open-standard e-mail authentication specification. Participants included Alt-N Technologies, AOL, Brandenburg InternetWorking, Cisco, EarthLink, IBM, Microsoft, PGP Corporation, Sendmail, StrongMail Systems, Tumbleweed, VeriSign and Yahoo!. The team produced the initial specification and several implementations. It then submitted the work to the IETF for further enhancement and formal standardization.

The result is a set of IETF specifications and supporting documentation.

DKIM 3-slide Teaser, D. Crocker
» pdf, ppt

Frequently Asked Questions
» FAQ

Wikipedia entry
» DKIM

Three myths about DKIM, J. Levine

DKIM News

Technical Introductions
- Service Overview
- Development, Deployment and Operations

Discussion
- Standardization — IETF work
- Deployment — Using the specs

DKIM, Roman Valls Guimerà, esCERT —
Introduction, examples and analysis, countering the myth that DKIM is expensive
» pdf, odp

Press Contacts

A number of organizations have offered Press Contacts for matters relating to DKIM.

Documents

The current specifications are recommended for immediate use:

DKIM Service Overview, RFC 5585
» html, pdf, txt
DKIM Signatures
» RFC 6376
DomainKeys Identified Mail (DKIM) Development, Deployment and Operations, RFC 5863
» html, txt
DKIM Author Domain Signing Practices (ADSP)
» RFC 5617

Deployment

Implementations

See this list of Organizations Providing Software, Hardware or Services with DKIM.

Consulting

See this list of Consulting Services for assisting with DKIM development or deployment and use

Operations

An operations-related mailing list is available: dkim-ops.

Development

For general discussion with other DKIM developers, join the dkim-dev mailing list.

For quick questions to developers primarily active with OpenDKIM, there is an #dkim IRC channel at efnet.org.

Enhancement

Related Work

IETF REPUTE Working Group

Reporting of DKIM Verification Failures, draft-kucherawy-dkim-reporting » txt

Abuse Feedback Reporting Format (ARF) » home

Message Header Field for Indicating Message Authentication Status (Auth-Results) » txt » mailing list

Vouch By Reference (VBR) » home

IPR

Yahoo's DomainKeys resulted in an Intellectual Property Rights claim concerning that applies to the DKIM specification.

Comments concerning this site should be sent to: webmaster@mipassoc.org