|
|
|
|
|
|
|
|
|
|
| Last Update: May 29, 2010
|
|
|
|
|
|
|
|
|
|
|
| | |
RFC4686
09/2006
(29 p.)
pdf(2p)
|
J. Fenton |
|
Analysis of Threats Motivating DomainKeys Identified Mail (DKIM) |
|
This document provides an analysis of some threats against Internet
mail that are intended to be addressed by signature-based mail
authentication, in particular DomainKeys Identified Mail. It
discusses the nature and location of the bad actors, what their
capabilities are, and what they intend to accomplish via their
attacks.
|
|
|
| |
| List |
Status: | Informational |
|
|
|
|
|
|
|
|
|
| | |
RFC4871
05/2007
(71 p.)
pdf(2p)
|
E. Allman
J. Callas
M. Delany
M. Libbey
J. Fenton
M. Thomas |
|
DomainKeys Identified Mail (DKIM) Signatures |
|
DomainKeys Identified Mail (DKIM) defines a domain-level
authentication framework for email using public-key cryptography and
key server technology to permit verification of the source and
contents of messages by either Mail Transfer Agents (MTAs) or Mail
User Agents (MUAs). The ultimate goal of this framework is to permit
a signing domain to assert responsibility for a message, thus
protecting message signer identity and the integrity of the messages
they convey while retaining the functionality of Internet email as it
is known today. Protection of email identity may assist in the
global control of "spam" and "phishing".
|
|
|
|
|
|
|
|
|
|
|
| | |
RFC5016
10/2007
(15 p.)
pdf(2p)
|
M. Thomas |
|
Requirements for a
DomainKeys Identified Mail (DKIM) Signing Practices Protocol |
|
DomainKeys Identified Mail (DKIM) provides a cryptographic mechanism
for domains to assert responsibility for the messages they handle. A
related mechanism will allow an administrator to publish various
statements about their DKIM signing practices. This document defines
requirements for this mechanism, distinguishing between those that
must be satisfied (MUST), and those that are highly desirable
(SHOULD).
|
|
|
| |
| List |
Status: | Informational |
|
|
|
|
|
|
|
|
|
| | |
RFC5585
07/2009
(24 p.)
pdf(2p)
|
T. Hansen
D. Crocker
P. Hallam-Baker |
|
DomainKeys Identified Mail (DKIM) Service Overview |
|
This document provides an overview of the DomainKeys Identified Mail
(DKIM) service and describes how it can fit into a messaging service.
It also describes how DKIM relates to other IETF message signature
technologies. It is intended for those who are adopting, developing,
or deploying DKIM. DKIM allows an organization to take responsibility
for transmitting a message, in a way that can be verified by a
recipient. The organization can be the author's, the originating
sending site, an intermediary, or one of their agents. A message can
contain multiple signatures from the same or different organizations
involved with the message. DKIM defines a domain-level digital
signature authentication framework for email, using public-key
cryptography, with the domain name service as its key server
technology (RFC 4871). This permits verification of a responsible
organization, as well as the integrity of the message contents. DKIM
also enables a mechanism that permits potential email signers to
publish information about their email signing practices; this will
permit email receivers to make additional assessments about messages.
DKIM's authentication of email identity can assist in the global
control of "spam" and "phishing".
|
|
|
| |
| List |
Status: | Informational |
|
|
|
|
|
|
|
|
|
| | |
RFC5617
08/2009
(21 p.)
pdf(2p)
|
E. Allman
J. Fenton
M. Delany
J. Levine |
|
DomainKeys Identified Mail (DKIM) Author Domain Signing Practices (ADSP) |
|
DomainKeys Identified Mail (DKIM) defines a domain-level
authentication framework for email to permit verification of the
source and contents of messages. This document specifies an adjunct
mechanism to aid in assessing messages that do not contain a DKIM
signature for the domain used in the author's address. It defines a
record that can advertise whether a domain signs its outgoing mail as
well as how other hosts can access that record.
|
|
|
| |
| List |
Status: | Proposed Standard |
|
|
|
|
|
|
|
|
|
| | |
RFC5672
08/2009
(14 p.)
pdf(2p)
|
D. Crocker |
|
RFC 4871 DomainKeys Identified Mail (DKIM) Signatures -- Update |
|
This document updates RFC 4871, "DomainKeys Identified Mail (DKIM)
Signatures". Specifically, the document clarifies the nature, roles,
and relationship of the two DKIM identifier tag values that are
candidates for payload delivery to a receiving processing module.
The Update is in the style of an Errata entry, albeit a rather long
one.
|
|
|
| |
| List |
Status: | Proposed Standard |
|
|
|
|
|
|
|
|
|
| | |
RFC5863
05/2010
(51 p.)
pdf(2p)
|
T. Hansen
E. Siegel
P. Hallam-Baker
D. Crocker |
|
DomainKeys Identified Mail (DKIM) Development, Deployment, and Operations |
|
DomainKeys Identified Mail (DKIM) allows an organization to claim
responsibility for transmitting a message, in a way that can be
validated by a recipient. The organization can be the author's, the
originating sending site, an intermediary, or one of their agents. A
message can contain multiple signatures, from the same or different
organizations involved with the message. DKIM defines a domain-level
digital signature authentication framework for email, using public
key cryptography and using the domain name service as its key server
technology. This permits verification of a responsible organization,
as well as the integrity of the message content. DKIM will also
provide a mechanism that permits potential email signers to publish
information about their email signing practices; this will permit
email receivers to make additional assessments about messages.
DKIM's authentication of email identity can assist in the global
control of "spam" and "phishing". This document provides
implementation, deployment, operational, and migration considerations
for DKIM.
|
|
|
| |
| List |
Status: | Informational |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
