0680_1155DomainKeys is an e-mail authentication program developed to confirm the DNS domain of an E-mail sender along with the message integrity. The DomainKeys specification has adopted aspects of Identified Web Mail to create an enhanced protocol called DomainKeys Identified Mail (DKIM). This merged specification is definitely the basis for an IETF Functioning Group which plans to guide the specification towards becoming an IETF normal.

In contrast to some other methods it provides nearly end-to-end integrity from a signing to a verifying Mail transfer agent (MTA). In most cases the signing MTA acts on behalf of the sender, and the verifying MTA on behalf from the receiver.

DomainKeys is independent of Uncomplicated Mail Transfer Protocol (SMTP) routing elements, it operates around the RFC 2822 message, the transported mail data, header and physique, not the SMTP envelope defined in RFC 2821.

Note that DomainKeys does not protect against abusive behavior; rather, it permits it to become tracked and detected much more simply. This capability to protect against some forgery also has positive aspects for recipients of E-mails as well as senders, and “DomainKey awareness” is programmed into some E-mail computer software.

Considering that 2004, Yahoo! has signed all of its outgoing E-mail with DomainKeys and is verifying all incoming mail. As of 2005, Yahoo! reports that the amount of DomainKeys-verified e-mail they receive exceeds 300 million messages every day.
Google also utilizes DomainKeys to sign emails sent from users of its Gmail service; actually going reside with it about a month just before Yahoo! did. The ISP EarthLink also makes use of DomainKeys.

How it performs

DomainKeys adds a header named “DomainKey-Signature” that contains a digital signature in the contents in the mail message. The default parameters for the authentication mechanism are to make use of SHA-1 as the cryptographic hash and RSA because the public essential encryption scheme, and encode the encrypted hash working with Base64.

The receiving SMTP server then makes use of the name in the domain from which the mail originated, the string _domainkey, along with a selector from the header to perform a DNS lookup; the returned information contains that domain’s public essential. The receiver can then decrypt the hash value in the header field and at the similar time recalculate the hash worth for the mail physique that was received, in the point right away following the “DomainKey-Signature:” header. In the event the two values match, this cryptographically proves that the mail did actually originate in the purported domain, and has not been tampered with in transit.


DomainKeys was created by Mark Delany of Yahoo!. Lots of other folks which includes Russ Nelson of qmail, Eric Allman of sendmail, and John R. Levine from the ASRG supplied comments and wrote prototype implementations.

DomainKeys is covered by U.S. Patent 6,986,049 assigned to Yahoo!. Yahoo! have released DomainKeys under a dual license scheme. The regular corporate oriented royalty-free, nonexclusive, relicensable patent license which is created to be friendly to open supply and no cost application implementations and under GPL 2.0 for the goal on the DKIM IETF Functioning Group.

Identified World-wide-web Mail, on which DKIM was also based, was proposed by Jim Fenton and Michael Thomas of Cisco.

Licensed under the GNU Free Documentation License. It uses materials from the Wikipedia.

Leave a Reply

Your email address will not be published. Required fields are marked *