DomainKeys Identified Mail (DKIM) Service Overview
RFC 5585
Document Type RFC - Informational (July 2009; No errata)
Last updated 2015-10-14
Stream IETF
Formats plain text html pdf htmlized bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 5585 (Informational)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Pasi Eronen
Send notices to stephen.farrell@cs.tcd.ie
Email authors Email WG IPR References Referenced by Nits 
Network Working Group                                          T. Hansen
Request for Comments: 5585                             AT&T Laboratories
Category: Informational                                       D. Crocker
                                             Brandenburg InternetWorking
                                                         P. Hallam-Baker
                                             Default Deny Security, Inc.
                                                               July 2009

           DomainKeys Identified Mail (DKIM) Service Overview

Abstract

   This document provides an overview of the DomainKeys Identified Mail
   (DKIM) service and describes how it can fit into a messaging service.
   It also describes how DKIM relates to other IETF message signature
   technologies.  It is intended for those who are adopting, developing,
   or deploying DKIM.  DKIM allows an organization to take
   responsibility for transmitting a message, in a way that can be
   verified by a recipient.  The organization can be the author's, the
   originating sending site, an intermediary, or one of their agents.  A
   message can contain multiple signatures from the same or different
   organizations involved with the message.  DKIM defines a domain-level
   digital signature authentication framework for email, using public-
   key cryptography, with the domain name service as its key server
   technology (RFC 4871).  This permits verification of a responsible
   organization, as well as the integrity of the message contents.  DKIM
   also enables a mechanism that permits potential email signers to
   publish information about their email signing practices; this will
   permit email receivers to make additional assessments about messages.
   DKIM's authentication of email identity can assist in the global
   control of "spam" and "phishing".

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Hansen, et al.               Informational                      [Page 1]
RFC 5585                 DKIM Service Overview                 July 2009

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Table of Contents

   1. Introduction ....................................................3
      1.1. DKIM's Scope ...............................................4
      1.2. Prior Work .................................................5
      1.3. Internet Mail Background ...................................6
   2. The DKIM Value Proposition ......................................6
      2.1. Identity Verification ......................................7
      2.2. Enabling Trust Assessments .................................7
      2.3. Establishing Message Validity ..............................8
   3. DKIM Goals ......................................................8
      3.1. Functional Goals ...........................................9
      3.2. Operational Goals .........................................10
   4. DKIM Function ..................................................12
      4.1. Basic Signing .............................................12
      4.2. Characteristics of a DKIM Signature .......................12
      4.3. The Selector Construct ....................................13
      4.4. Verification ..............................................13
      4.5. Sub-Domain Assessment .....................................13
   5. Service Architecture ...........................................14
      5.1. Administration and Maintenance ............................15
      5.2. Signing ...................................................16
      5.3. Verifying .................................................16
      5.4. Unverified or Unsigned Mail ...............................16
      5.5. Assessing .................................................17
      5.6. DKIM Processing within an ADMD ............................17
   6. Considerations .................................................17
      6.1. Security Considerations ...................................17
      6.2. Acknowledgements ..........................................17
   7. Informative References .........................................18
   Appendix A.  Internet Mail Background .............................20
     A.1.  Core Model ................................................20
     A.2.  Trust Boundaries ..........................................20
   Index .............................................................22
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools