
DomainKeys Identified Mail (DKIM) Service Overview
RFC 5585

Document type: RFC - Informational (July 2009; No errata)
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 5585 (Informational)
Responsible AD: Pasi Eronen
Send notices to: stephen.farrell@cs.tcd.ie, barryleiba@computer.org, draft-ietf-dkim-overview@ietf.org

Network Working Group                                          T. Hansen
Request for Comments: 5585                             AT&T Laboratories
Category: Informational                                       D. Crocker
                                             Brandenburg InternetWorking
                                                         P. Hallam-Baker
                                             Default Deny Security, Inc.
                                                               July 2009

           DomainKeys Identified Mail (DKIM) Service Overview

Abstract

   This document provides an overview of the DomainKeys Identified Mail
   (DKIM) service and describes how it can fit into a messaging service.
   It also describes how DKIM relates to other IETF message signature
   technologies.  It is intended for those who are adopting, developing,
   or deploying DKIM.  DKIM allows an organization to take
   responsibility for transmitting a message, in a way that can be
   verified by a recipient.  The organization can be the author's, the
   originating sending site, an intermediary, or one of their agents.  A
   message can contain multiple signatures from the same or different
   organizations involved with the message.  DKIM defines a domain-level
   digital signature authentication framework for email, using public-
   key cryptography, with the domain name service as its key server
   technology (RFC 4871).  This permits verification of a responsible
   organization, as well as the integrity of the message contents.  DKIM
   also enables a mechanism that permits potential email signers to
   publish information about their email signing practices; this will
   permit email receivers to make additional assessments about messages.
   DKIM's authentication of email identity can assist in the global
   control of "spam" and "phishing".

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Hansen, et al.               Informational                      [Page 1]
RFC 5585                 DKIM Service Overview                 July 2009

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Table of Contents

   1. Introduction ....................................................3
      1.1. DKIM's Scope ...............................................4
      1.2. Prior Work .................................................5
      1.3. Internet Mail Background ...................................6
   2. The DKIM Value Proposition ......................................6
      2.1. Identity Verification ......................................7
      2.2. Enabling Trust Assessments .................................7
      2.3. Establishing Message Validity ..............................8
   3. DKIM Goals ......................................................8
      3.1. Functional Goals ...........................................9
      3.2. Operational Goals .........................................10
   4. DKIM Function ..................................................12
      4.1. Basic Signing .............................................12
      4.2. Characteristics of a DKIM Signature .......................12
      4.3. The Selector Construct ....................................13
      4.4. Verification ..............................................13
      4.5. Sub-Domain Assessment .....................................13
   5. Service Architecture ...........................................14
      5.1. Administration and Maintenance ............................15
      5.2. Signing ...................................................16
      5.3. Verifying .................................................16
      5.4. Unverified or Unsigned Mail ...............................16
      5.5. Assessing .................................................17
      5.6. DKIM Processing within an ADMD ............................17
   6. Considerations .................................................17
      6.1. Security Considerations ...................................17
      6.2. Acknowledgements ..........................................17
   7. Informative References .........................................18
   Appendix A.  Internet Mail Background .............................20
