- DKIM stands for ‘DomainKeys Identified Mail’
- Anti-phishing measure
- DKIM typically represented by 3 server DNS records
- Prevents illicit impersonation of a legitimate website domain
- Introduces ‘Digital Signature schemes’
- Enforces public key cryptography on emails
Suppose Chuck wants to trick Alice, who works for example.com, into sending him confidential company information. He could send her an email that seems to be coming from “bob@example.com” to fool her into thinking he also works for example.com.
DKIM, along with Sender Policy Framework (SPF) and Domain-based Message Authentication Reporting and Conformance (DMARC), makes it much more difficult for attackers to impersonate domains in this way.
source: Cloudflare
How does it work?
- DKIM system comprised of 2 components:
  - Server DKIM DNS record
  - Actual DKIM header per-email
- Email Service Provider (ESP) generates a public/private crypto key pair
- Hands the generated public key to the DNS domain name holder to store against the domain as the ‘DKIM’ record
- From then on, every time an email is sent from that domain:
  - Email Service Provider embeds a ‘DKIM’ header in the message header
  - DKIM section in the header contains a string or identifier signed with the ESP’s secret key
  - Recipient mail server will look up the sender’s DNS server from the ‘from’ address
  - Looks for the ‘DKIM’ record and uses the public key to decrypt the ‘DKIM’ message header it has received
  - What is left after the attempted decryption determines whether or not the email has been tampered with in transit or is suspicious with regards to domain impersonation
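The publish / sign / verify flow from the notes above, as an added example in Go that is not part of the original notes or of any mail software. It uses the ed25519-sha256 DKIM variant (RFC 8463), an in-memory map standing in for the DNS lookup of `<selector>._domainkey.<domain>`, and a heavily simplified header/body canonicalisation; the selector, domain and message are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"strings"
)

var dnsTXT = map[string]string{} // stands in for DNS (constructed, in-memory): "<selector>._domainkey.<domain>" -> TXT record
// NewDomainKeys: the ESP generates the key pair and the domain owner publishes the public half as the DKIM record.
func NewDomainKeys(selector, domain string) ed25519.PrivateKey {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader = crypto/rand
	dnsTXT[selector+"._domainkey."+domain] = "v=DKIM1; k=ed25519; p=" + base64.StdEncoding.EncodeToString(pub)
	return priv
}
// bodyHash is the bh= value; canon is a simplified "relaxed" canonicalisation of the chosen headers.
func bodyHash(body string) string { h := sha256.Sum256([]byte(strings.TrimSpace(body))); return base64.StdEncoding.EncodeToString(h[:]) }
func canon(hdr map[string]string, names []string) (s string) {
	for _, n := range names {
		s += strings.ToLower(n) + ":" + strings.TrimSpace(hdr[n]) + "\r\n"
	}
	return s
}
// tags parses a "k=v; k=v" list (the same syntax serves the TXT record and the DKIM-Signature header).
func tags(s string) map[string]string {
	m := map[string]string{}
	for _, kv := range strings.Split(s, ";") {
		k, v, _ := strings.Cut(strings.TrimSpace(kv), "=")
		m[k] = v
	}
	return m
}
// Sign (sending ESP, per message): bh= is the body hash; b= signs the listed headers plus this header with b= empty (RFC 6376).
func Sign(priv ed25519.PrivateKey, sel, dom string, hdr map[string]string, body string, h []string) string {
	tag := "v=1; a=ed25519-sha256; d=" + dom + "; s=" + sel + "; h=" + strings.Join(h, ":") + "; bh=" + bodyHash(body) + "; b="
	return tag + base64.StdEncoding.EncodeToString(ed25519.Sign(priv, []byte(canon(hdr, h)+"dkim-signature:"+tag)))
}
// Verify (receiving server): fetch the key named by s= and d= from DNS, check bh=, then check b=.
func Verify(dkimHeader string, hdr map[string]string, body string) bool {
	t := tags(dkimHeader)
	pub, err := base64.StdEncoding.DecodeString(tags(dnsTXT[t["s"]+"._domainkey."+t["d"]])["p"])
	if err != nil || len(pub) != ed25519.PublicKeySize || t["bh"] != bodyHash(body) {
		return false // unknown selector/domain, malformed key, or body altered in transit
	}
	sig, err := base64.StdEncoding.DecodeString(t["b"])
	unsigned := strings.TrimSuffix(dkimHeader, t["b"]) // the header as it looked when signed (b= empty)
	return err == nil && ed25519.Verify(ed25519.PublicKey(pub), []byte(canon(hdr, strings.Split(t["h"], ":"))+"dkim-signature:"+unsigned), sig)
}
```

A real verifier also checks that `d=` aligns with the From domain (that is DMARC's job) and applies the full RFC 6376 canonicalisation rules; the point here is only that a body or signed-header change, or a key missing from DNS, makes verification fail.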