First page Back Continue Last page Graphics
DKIM Technology
Signature transmitted in DKIM-Signature header field
- DKIM-Signature is self-signed
- Signature includes the signing identity (not inherently tied to envelope, From:, Sender:, or any other header)
Initially, public key stored in DNS (new RR type, fall back to TXT) in _domainkey subdomain
- Extensible to other key delivery mechanisms
Namespace divided using selectors, allowing multiple keys for aging, delegation, etc.
- Example: selectors for departments, date ranges, or third parties
Sender Signing Policy lookup for unsigned, improperly signed, or third-party signed mail