
Session 24 Dkim

The document provides an overview of Domain Keys Identified Mail (DKIM), a protocol for email authentication that allows organizations to sign messages for verification by mailbox providers. It outlines the working principles, advantages, and goals of DKIM, emphasizing its role in ensuring email security and preventing spoofing. The session aims to familiarize students with DKIM's functionality and its importance in maintaining sender legitimacy and message integrity.

Uploaded by

vivektamondyagu

Department of CSE

COURSE NAME: NETWORK & INFRASTRUCTURE SECURITY
COURSE CODE: 22CS2234F/22CSB3202
Topic: Working principle of DomainKeys Identified Mail
Session - 24

CREATED BY K. VICTOR BABU


AIM OF THE SESSION
To familiarize students with the basic concept of DomainKeys Identified Mail and e-mail security.

INSTRUCTIONAL OBJECTIVES

This session is designed to:

1. Ensure e-mail and network security by ensuring email authentication.

LEARNING OUTCOMES

At the end of this session, you should be able to:

1. Know the working principle of DomainKeys Identified Mail (DKIM) for email authentication.


DKIM INTRODUCTION

• DomainKeys was designed by Mark Delany of Yahoo! and enhanced through comments from many others in 2004; it was later specified in RFC 4870. The latest RFC for DKIM is 5585, issued by the Internet Engineering Task Force (IETF).

• DomainKeys Identified Mail is one of the popular email authentication protocols.

• DKIM (DomainKeys Identified Mail) is a protocol that allows an organization to take responsibility for transmitting a message by signing it in a way that mailbox providers can verify.

• The key is provided by the organization that is sending your email, for example Yahoo, Google, etc.

• In this session, we cover the working principle of DKIM (DomainKeys Identified Mail).


The DKIM Value Proposition

• Identity Verification
o An assessment service using DKIM can differentiate between a domain (the Signing Domain IDentifier, SDID) used by a known organization and a domain used by others. As such, DKIM performs identification of messages associated with verifiable identities.

• Enabling Trust Assessments
o The accuracy is based on the belief that the underlying Internet infrastructure (IP address) supplies an accurate address.

• Establishing Message Validity
o DKIM validates that a signed message has not been modified between the time of signing and the time of verifying. If it has been changed in any way, the message will not verify successfully with DKIM.


DKIM Goals

• Use Domain-Level Granularity for Assurance
o DKIM binds a signing key record to a domain name as the Signing Domain IDentifier (SDID).
• Implement Locality
o Any party, anywhere along the transit path, can implement DKIM signing.
• Allow Delegation of Signing to Independent Parties
o DKIM was designed to support signing by any of these different parties and to permit them to sign with any domain name that they deem appropriate.
• Retain Ability to Have Anonymous Email
o The ability to send a message that does not identify its author.
• Make Presence of Signature Transparent to Non-Supporting Recipients
o DKIM is designed to be transparent to recipients that do not support it.
o A DKIM signature verifier is to treat messages with signatures that fail as if they were unsigned.


DKIM Functions

• Basic Signing
o The signature mechanism works as follows: a signer chooses a Signing Domain IDentifier (SDID), performs digital signing on the message, and adds the signature information using a DKIM header field. A verifier obtains the domain name and the "selector" from the DKIM header field, obtains the public key associated with the domain name, and verifies the signature.

• Characteristics of a DKIM Signature
o A DKIM signature applies to the message body and selected header fields.

• The Selector Construct
o The key for a signature is associated with an SDID. That domain name provides the complete identity used for making assessments about the signer.

• Verification
o After a message has been signed, any agent in the message transit path can verify the signature to determine that the owner of the SDID took responsibility for the message. Message recipients can verify the signature by querying the DNS for the signer's domain directly,

DKIM DESCRIPTION

DKIM?
• DomainKeys Identified Mail (DKIM) is an email security standard that ensures messages are not modified while traveling between the sending and recipient servers.
• DKIM permits organizations to take responsibility for transmitting a message in a way a recipient can verify.
• The organization can be the originating website, an intermediary, etc. Their reputation is the basis for evaluating whether or not to trust the message for delivery.

What is a DKIM Signature?
• DKIM gives emails a signature header that is added to the email and secured with encryption.
• Each DKIM signature contains all the information needed for an email server to verify that the signature is real, and a pair of DKIM keys encrypts it.
• The originating email server has the 'private DKIM key,' which can be verified by the receiving mail server or ISP with the other half of the keypair, called the 'public DKIM key.'
• These signatures travel with the emails and are verified along the way by the email servers that move the emails toward their final destination.

Use of DKIM

Advantages of authenticating emails with DKIM

• DKIM is among the top three must-have authentication protocols, and for good reason, as it impacts the deliverability and reputation of the domain.
• Some of the reasons for getting your domain DKIM authenticated are as follows:
• DKIM maintains the legitimacy of the sender.
• When you have a DKIM-signed email, it signals to ISPs that the email has not been tampered with.
• This helps improve your reputation as a sender, as the email seems legitimate to the receiver's server.
• The better the sender's reputation, the more you'll land in the recipient's inbox, leading to higher deliverability.


DKIM SESSION DESCRIPTION

DKIM working method?
• DKIM is added as a signature to your email's header once it's verified by both the sender's and receiver's servers, using a private and public cryptographic key.
• The private key is safe and hosted on your server or your ESP's. As it's private, only you can have access to it.
• To validate the DKIM signature, ISPs look at the public key hosted in your organization's DNS record.
• This record is public and can be accessed by anyone to verify the legitimacy of your sender's domain.

The process:
• A domain owner publishes a cryptographic public key as a specially formatted TXT record in the domain's overall DNS records.
• On the sender's server end:
o When an email is sent, the domain generates a key.
o This key contains all the information the mail server needs to verify your messages.
• On the receiver's server end:
o When the recipient server receives a DKIM-signed email, it uses the public key published in DNS to check the source message and the message body.
o This checks whether any changes were made during transit.
o Once the recipient server verifies the signature with the public key, the message is deemed authentic. After that, it is passed on to the ESP.
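
The selector lookup from "DKIM Functions" and the receiver-side check in the process above, as an added example that is not part of the original slides: it parses a DKIM-Signature header field, derives the DNS name where the public key is published, and recomputes the body hash (`bh=`) using the "relaxed" body canonicalization of RFC 6376. The message, the domain `example.com` and the selector `s2024` are constructed, and the RSA check of `b=` over the header fields is not performed here.

```python
import base64
import hashlib
import re

def parse_tags(value: str) -> dict:
    """Parse a DKIM tag=value list into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Folding whitespace inside values is not significant for these tags.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def dns_query_name(sig: dict) -> str:
    """TXT record that holds the public key: <selector>._domainkey.<SDID>."""
    return f"{sig['s']}._domainkey.{sig['d']}"

def relaxed_body(body: bytes) -> bytes:
    """'relaxed' body canonicalization: collapse runs of spaces/tabs, drop
    trailing whitespace on each line and empty lines at the end of the body."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes) -> str:
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def body_hash_matches(sig: dict, body: bytes) -> bool:
    """Recompute the body hash and compare it with the signed bh= value."""
    if sig.get("a") != "rsa-sha256" or not sig.get("c", "").endswith("/relaxed"):
        raise ValueError("example handles only a=rsa-sha256 with relaxed body")
    return body_hash(body) == sig["bh"]

# Constructed sample (not a real message); domain and selector are placeholders.
BODY = b"Hello  team,\r\nInvoice attached. \r\n\r\n"
HEADER = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=s2024;\r\n"
          f"\th=from:to:subject; bh={body_hash(BODY)};\r\n"
          "\tb=PLACEHOLDER")  # header signature, not checked in this example

if __name__ == "__main__":
    sig = parse_tags(HEADER)
    print("fetch key from:", dns_query_name(sig))
    print("unchanged body:", body_hash_matches(sig, BODY))
    print("whitespace only:", body_hash_matches(sig, b"Hello team,\r\nInvoice attached.\r\n"))
    print("content altered:", body_hash_matches(sig, b"Hello team,\r\nPay here instead.\r\n"))
```

Whitespace-only changes made by a relay still match under relaxed canonicalization, while any change to the words of the body produces a different hash and the message fails verification.
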
DKIM process

Verification of DKIM-signed messages

• For any email, the signature from DKIM is like a tamper-proof seal.
• The signature shows that it has come from the original domain and hasn't been tampered with.
• Every email sent carries a signature, which is added by email servers specially configured to use DKIM.

DKIM record?
• A DKIM record stores the DKIM public key of the sender's mail organization, to be used for verification.
• The email is combined with a private key available to the sender's server software to form an email signature.
• This signature is sent to the recipient along with the actual message for verification.


Advantages of DKIM

Protect your domain and secure your email

• DKIM prevents spoofing of email sent from your domain.
• When DKIM authenticates your emails, every outgoing message will hold the DKIM signature.
• This signature will ensure that the email content is not tampered with. Hence, it keeps your email away from spoofed domains.

Get in the good books of ISPs

• ISPs are the major contributing factor in deciding whether your email lands in the inbox or not.
• Emails signed with DKIM let the ISP know that you are a verified sender and that the content has not been tampered with.
• The more you show ISPs that your content and sending domain are genuine, the more you'll see your emails land in the inbox.


EXAMPLES

A widely used mail system is Google Mail.

DKIM implementations – open a Gmail message → go to the More button and click on <> Show original → as below:


SUMMARY

DKIM (DomainKeys Identified Mail) is a protocol that allows an organization to take responsibility for transmitting a message by signing it in a way that mailbox providers can verify. DKIM record verification is made possible through cryptographic authentication.


ACTIVITIES / CASE STUDIES / IMPORTANT FACTS RELATED TO THE SESSION

1. Explain how to set up your own DKIM key.

2. What is DKIM?


SELF-ASSESSMENT QUESTIONS

1. DomainKeys Identified Mail (DKIM) is a protocol allowing for email authentication utilizing PKI. Where does DKIM store its public certificate keys?

(a) Certificate authority
(b) MTA
(c) Mail server
(d) DNS

2. An email may contain non-text information which may be __________

(a) downloaded
(b) uploaded
(c) erased
(d) transmitted


TERMINAL QUESTIONS

1. Explain how to set up a DKIM key.

2. Explain the DKIM record.

3. Explain how to authenticate emails with DKIM.

4. Explain the DKIM signature.




THANK YOU

Team – NETWORK & INFRASTRUCTURE SECURITY


COURSE CODE: 21CS3042RA
