DKIM: Determining its Value Proposition by Fred Tabsharani @tabsharani

The nature and origins of an email message are often falsely presented by email senders and as such present a host of challenges to legitimate marketers, both large and small.

The adoption of DKIM (DomainKeys Identified Mail), an initiative produced through a merger of Yahoo!’s DomainKeys and Cisco’s Identified Internet Mail (IIM), provides a foundation for distinguishing legitimate mail and a means of associating an identity with a particular message. With this identity in place, a receiving MTA (Message Transfer Agent) can make decisions about the further handling of the message based upon an assessment (using reputation and accreditation services) of the identity that the message is associated with.

Receivers who successfully verify the DKIM cryptographic signature can use information about the signer as part of a program to limit spam, spoofing, phishing, or any other unwelcome conduct. The integral role of DKIM is to establish a verified identity that takes responsibility for the message.

Verifying Identity

Consider an attack against your organization, or even customers of your organization. The name of your organization is linked to particular internet domains and attackers may leverage this either by using the legitimate domain name, without authorization, or a “sister” domain name that is similar to, but not controlled by, your organization.  A receiving organization that employs DKIM can differentiate between domains used by known organizations and domains used by others.  In this role, DKIM positively identifies messages associated with justifiable identities rather than negatively identifying messages with problematic identities.  However, whether a verified identity belongs to a good or bad actor is a question for later steps in the validation process, owned by reputation services.

DKIM, by itself, does not necessarily increase the chances of a message arriving in someone’s inbox.  What it does, in its simplest case, is validate the integrity of the message, assuring that it has not been tampered with during transit.

DKIM Enables Trust

Email receiving services and organizations are faced with a very basic decision once a message arrives: whether to deliver the newly arrived message to the indicated recipient or not?  Behind this decision is the question of whether the receiving service trusts the message enough to label it as “safe.” Most receiving transfer agents offer services that allow for such a quality assessment.  These agents use reputation and accreditation services such as ReturnPath or Pivotal Veracity to further evaluate the sender.  As the engine processes information, it either raises or lowers its trust assessment for the message.  For example, trust is increased based on the reputation of the sender by IP address.

The next step, as I see it, is for reputation services to evaluate digital messages by domain as well.  Evaluating messages based on “domain-reputation” instead of IP addresses can better define who the sender is, since IP addresses incessantly change: suspect senders (spammers) still have the ability to utilize different IPs at a moment’s notice.

In order to determine reputation information, established identification is required. When using an IP address, accuracy is based on the belief that the underlying communications or infrastructure supplies an accurate address. See recent article here regarding IPs. However, when using domain-based reputation data, some other form of validation is needed, since it is not supplied independently by the infrastructure. DKIM satisfies this requirement by declaring a valid “responsible” identity about which the engine can make a quality assessment and by using a digital signature to ensure that the use of the identifier is authorized. By itself, however, a valid DKIM signature neither lowers nor raises the level of trust associated with the message; it allows other mechanisms to approve the message.

Establishing Message Integrity

Middleman attacks are few and far between; however, it is possible for a message to be modified during transit. DKIM’s cryptographic method validates the message integrity. If the message has been changed for any reason, it will not verify successfully on the receiver’s MTA. DKIM’s authentication of email identity can assist in the global control of “spam” and “phishing.” There has also been a trend toward using more than one mode of authentication. For example, Ralph Lauren and Southwest Airlines both use DomainKeys and DKIM to authenticate digital messages. This approach allows senders using dual mode to “cover their bases,” as few receivers check for both DomainKeys and DKIM.

As DKIM gains traction in the digital messaging marketplace, organizations and ISPs are likely to develop business rules that reward senders and receivers that use any one of these authentication methods. In a recent OTA (Online Trust Alliance) town hall meeting, hypothetical solutions for when organizations choose not to authenticate messages were discussed. Many ideas were proposed and the discussion of their merits is ongoing, but one interesting thought that was discussed was the idea that organizations choosing to bypass authentication may be subject to a digital tariff.

Meet the author:

Fred Tabsharani

Fred Tabsharani is engaged in strategic marketing initiatives for Port25 Solutions, Inc., a globally recognized email software company which serves Email Service Providers and leading enterprises. After receiving his MBA from John F. Kennedy University, Fred immersed himself into the world of email deliverability and constantly discovers new insight from thought-leaders in the email industry. He is a columnist for a few industry blogging portals and is also a member of several email based organizations including but not limited to MAAWG and the Email Experience Council. Fred’s goal is to continue honing his skills and knowledge in this space and to build timeless industry relationships that transcend business goals.
