Determining the Value of DKIM


  1. Email Authentication: Determining the Value of DKIM. WHITEPAPER. www.port25.com. This document contains confidential and proprietary information belonging to Port25 Solutions, Inc. The information in this document may not be disclosed to others, copied or reproduced in any way without the prior permission from Port25 Solutions, Inc. Copyright © 2013 All rights reserved.
  2. TABLE OF CONTENTS: Executive Summary; Determining its Value Proposition; Verifying Identity; DKIM Enables Trust; Establishing Message Integrity; About Port25 Solutions, Inc.

     EXECUTIVE SUMMARY

     Port25 Solutions has pioneered email authentication from the very beginning. Key events in email authentication show that Port25 was first to announce support for Yahoo’s Domain Keys, and to support Microsoft’s SenderID. Once again, Port25 is at the forefront of email authentication, working to establish broad support for the use of DKIM.

     The integral role of DKIM is to determine that there is a verified identity which can take responsibility for the incoming message. In and of itself, DKIM does not necessarily increase the chances of a message arriving in someone’s inbox. What it does do, in its simplest form, is validate the integrity of the message, thereby assuring that it has not been tampered with during transit.

     DKIM also enables trust. When ISPs begin to use domain-based reputation data to distinguish between legitimate email and spam, another form of validation will be required. DKIM will satisfy this requirement by declaring a valid and “responsible” identity. DKIM allows other mechanisms to streamline and approve the message.

     As DKIM gains further traction in the digital messaging marketplace, enterprises and organizations are likely to develop business rules that reward senders who use this method of authentication. PowerMTA™ allows users to easily configure their outgoing or incoming servers with the latest authentication standards. Companies benefiting from PowerMTA™ include leading email service providers, top financial institutions, major publishers, and prominent consumer brands.

     DKIM: DETERMINING ITS VALUE PROPOSITION

     The nature and origins of an email message are often falsely presented by email senders and as such present a host of challenges to legitimate marketers, both large and small. The adoption of DKIM (Domain Keys Identified Mail), an initiative produced through a merger of Yahoo!’s Domain Keys and Cisco’s Identified Internet Mail (IIM), provides a foundation for distinguishing legitimate mail and develops a means of associating an identity with a particular message. With this identity in place, a receiving MTA (Message Transfer Agent) can make decisions about the further handling of the message based upon an assessment (using reputation and accreditation services) of the identity that the message is associated with.
  3. Receivers who successfully verify the DKIM cryptographic signature can use information about the signer as part of a program to limit spam, spoofing or phishing, or any other unwelcome conduct. The integral role of DKIM is to determine the verified identity as taking responsibility for the message.

     VERIFYING IDENTITY

     Consider an attack against your organization, or even customers of your organization. The name of your organization is linked to particular internet domains and attackers may leverage this either by using the legitimate domain name, without authorization, or a “sister” domain name that is similar to, but not controlled by, your organization. A receiving organization that employs DKIM can differentiate between domains used by known organizations and domains used by others. In this role, DKIM positively identifies messages associated with justifiable identities rather than negatively identifying messages with problematic identities. However, whether a verified identity belongs to a good or bad actor is a question for later steps in the validation process, owned by reputation services.

     DKIM, by itself, does not necessarily increase the chances of a message arriving in someone’s inbox. What it does, in its simplest case, is validate the integrity of the message, assuring that it has not been tampered with during transit.

     DKIM ENABLES TRUST

     Email receiving services and organizations are faced with a very basic decision once a message arrives: whether to deliver the newly arrived message to the indicated recipient or not? Behind this decision is the question of whether the receiving service trusts the message enough to label it as “safe.” Most receiving transfer agents offer services that allow for such a quality assessment. These agents use reputation and accreditation services such as ReturnPath or Pivotal Veracity to further evaluate the sender. As the engine processes information, it either raises or lowers its trust assessment for the message.

     For example, trust is increased based on the reputation of the sender by IP address. The next step, as I see it, is for reputation services to evaluate digital messages by domain as well. Evaluating messages based on “domain reputation” instead of IP addresses can better define who the sender is, since IP addresses incessantly change: suspect senders (spammers) still have the ability to utilize different IPs at a moment’s notice.

     In order to determine reputation information, established identification is required. When using an IP address, accuracy is based on the belief that the underlying communications or infrastructure supplies an accurate address. See recent article here regarding IPs. However, when using domain-based reputation data, some other form of validation is needed, since it is not supplied independently by the infrastructure.

  4. 6011 University Blvd., Suite 470, Ellicott City, MD 21043. www.port25.com. P: 1.410.750.SMTP (7687) T: @port25solutions E: sales@port25.com

     DKIM satisfies this requirement by declaring a valid “responsible” identity about which the engine can make a quality assessment and by using a digital signature to ensure that the use of the identifier is authorized. However, by itself, a valid DKIM signature neither lowers nor raises the level of trust associated with the message. But it allows other mechanisms to approve the message.

     ESTABLISHING MESSAGE INTEGRITY

     Middleman attacks are few and far between; however, it is possible for a message to be modified during transit. DKIM’s cryptographic method validates the message integrity. If, for any reason, it has been changed, the message will not verify successfully on the receiver’s MTA. DKIM’s authentication of email identity can assist in the global control of “spam” and “phishing.”

     There has also been a trend toward using more than one mode of authentication. For example, Ralph Lauren and Southwest Airlines both use Domain Keys and DKIM to authenticate digital messages. This allows senders using dual mode to “cover their bases,” as receivers rarely check for both Domain Keys and DKIM. As DKIM gains traction in the digital messaging marketplace, organizations and ISPs are likely to develop business rules that reward senders and receivers that use any one of these authentication methods.

     In a recent OTA (Online Trust Alliance) town hall meeting, hypothetical solutions for when organizations choose not to authenticate messages were discussed. Many ideas were proposed and the discussion of their merits is ongoing, but one interesting thought that was discussed was the idea that organizations choosing to bypass authentication may be subject to a digital tariff.
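The message-integrity check described above can be seen in the body-hash step of DKIM verification (RFC 6376). The following is an added example, not code from the whitepaper or from PowerMTA; it covers only the `bh=` comparison, not the RSA check of `b=` against the signer's DNS key, and the domain, selector and message bodies are constructed.

```python
import base64
import hashlib
import re

def canon_body(body: bytes, mode: str) -> bytes:
    """RFC 6376 section 3.4 body canonicalization: 'simple' or 'relaxed'."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # Collapse runs of space/tab to one space, drop whitespace at line end.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":      # ignore empty lines at end of body
        lines.pop()
    if not lines:
        return b"" if mode == "relaxed" else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body: bytes, mode: str, hash_name: str, limit=None) -> str:
    data = canon_body(body, mode)
    if limit is not None:                  # l= tag: only the first l octets are signed
        data = data[:limit]
    return base64.b64encode(hashlib.new(hash_name, data).digest()).decode()

def parse_tags(header_value: str) -> dict:
    """Split a DKIM-Signature value into tag=value pairs (whitespace is folding)."""
    pairs = (p.split("=", 1) for p in header_value.split(";") if "=" in p)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def check_body(header_value: str, body: bytes) -> dict:
    """Compare the signed bh= value with a hash of the body as received."""
    t = parse_tags(header_value)
    hash_name = t["a"].split("-")[1]                       # rsa-sha256 -> sha256
    mode = (t.get("c", "simple/simple").split("/") + ["simple"])[1]
    limit = int(t["l"]) if "l" in t else None
    ok = body_hash(body, mode, hash_name, limit) == t["bh"]
    return {"domain": t["d"], "selector": t["s"], "body_ok": ok}

# Constructed sample: the body the signer saw, and a header built from it.
SENT = b"Your invoice is attached.\r\nTotal due: 100 USD\r\n"
SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel1;\r\n"
       " h=from:to:subject; bh=" + body_hash(SENT, "relaxed", "sha256") +
       "; b=PLACEHOLDER")
REFLOWED = b"Your invoice is attached.  \r\nTotal due:\t100 USD\r\n\r\n"  # whitespace only
TAMPERED = SENT.replace(b"100", b"900")                                   # content changed

if __name__ == "__main__":
    for name, body in [("sent", SENT), ("reflowed", REFLOWED), ("tampered", TAMPERED)]:
        print(name, check_body(SIG, body))
```

A body hash that matches says nothing until the `b=` signature over the headers, which include `bh=`, also verifies against the key published for the `d=` domain; an `l=` limit leaves anything appended after that length unsigned.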
     ABOUT PORT25 SOLUTIONS, INC.

     PowerMTA is specialized, high-performance Message Transfer Agent (MTA) software that intelligently and efficiently delivers large volumes of e-mail, allowing for maximum delivery and response. While all-purpose MTAs in use today perform a whole variety of tasks including delivering e-mail, these general solutions fall short both with regard to scalability and relevant feature sets, negatively affecting delivery rates and subsequent ROI. In contrast, PowerMTA was developed for this particular task, helping legitimate, permission-based e-mail marketers, publishers, and service providers overcome the business and technology challenges of e-mail message delivery. Companies benefiting from PowerMTA™ include leading email service providers, top financial institutions, major publishers, and well-known consumer brands.
