DomainKeys Identified Mail (DKIM) Service Overview
RFC 5585
|
| Document |
Type |
|
RFC - Informational
(July 2009; No errata)
|
|
Last updated |
|
2015-10-14
|
|
Stream |
|
IETF
|
|
Formats |
|
plain text
pdf
htmlized
bibtex
|
| Stream |
WG state
|
|
(None)
|
|
Document shepherd |
|
No shepherd assigned
|
| IESG |
IESG state |
|
RFC 5585 (Informational)
|
|
Consensus Boilerplate |
|
Unknown
|
|
Telechat date |
|
|
|
Responsible AD |
|
Pasi Eronen
|
|
Send notices to |
|
stephen.farrell@cs.tcd.ie
|
Network Working Group T. Hansen
Request for Comments: 5585 AT&T Laboratories
Category: Informational D. Crocker
Brandenburg InternetWorking
P. Hallam-Baker
Default Deny Security, Inc.
July 2009
DomainKeys Identified Mail (DKIM) Service Overview
Abstract
This document provides an overview of the DomainKeys Identified Mail
(DKIM) service and describes how it can fit into a messaging service.
It also describes how DKIM relates to other IETF message signature
technologies. It is intended for those who are adopting, developing,
or deploying DKIM. DKIM allows an organization to take
responsibility for transmitting a message, in a way that can be
verified by a recipient. The organization can be the author's, the
originating sending site, an intermediary, or one of their agents. A
message can contain multiple signatures from the same or different
organizations involved with the message. DKIM defines a domain-level
digital signature authentication framework for email, using public-
key cryptography, with the domain name service as its key server
technology (RFC 4871). This permits verification of a responsible
organization, as well as the integrity of the message contents. DKIM
also enables a mechanism that permits potential email signers to
publish information about their email signing practices; this will
permit email receivers to make additional assessments about messages.
DKIM's authentication of email identity can assist in the global
control of "spam" and "phishing".
Status of This Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Hansen, et al. Informational [Page 1]
RFC 5585 DKIM Service Overview July 2009
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Table of Contents
1. Introduction ....................................................3
1.1. DKIM's Scope ...............................................4
1.2. Prior Work .................................................5
1.3. Internet Mail Background ...................................6
2. The DKIM Value Proposition ......................................6
2.1. Identity Verification ......................................7
2.2. Enabling Trust Assessments .................................7
2.3. Establishing Message Validity ..............................8
3. DKIM Goals ......................................................8
3.1. Functional Goals ...........................................9
3.2. Operational Goals .........................................10
4. DKIM Function ..................................................12
4.1. Basic Signing .............................................12
4.2. Characteristics of a DKIM Signature .......................12
4.3. The Selector Construct ....................................13
4.4. Verification ..............................................13
4.5. Sub-Domain Assessment .....................................13
5. Service Architecture ...........................................14
5.1. Administration and Maintenance ............................15
5.2. Signing ...................................................16
5.3. Verifying .................................................16
5.4. Unverified or Unsigned Mail ...............................16
5.5. Assessing .................................................17
5.6. DKIM Processing within an ADMD ............................17
6. Considerations .................................................17
6.1. Security Considerations ...................................17
6.2. Acknowledgements ..........................................17
7. Informative References .........................................18
Appendix A. Internet Mail Background .............................20
A.1. Core Model ................................................20
A.2. Trust Boundaries ..........................................20
Index .............................................................22
Show full document text