DomainKeys Identified Mail (DKIM) In A Nutshell
In this article, I shall explain how DomainKeys Identified Mail (DKIM) works, its benefit & and a real-life example.
Idea: DKIM allows the recipient of an E-Mail to verify that the E-Mail has been indeed sent by an authorized sender of the sending domain. DKIM also assists in fighting against E-Mail Spoofing & Spams.
Procedure: 1. The E-Mail sender will generate a Public & Private Key pair. Afterward, the sender will publish the DKIM DNS records. The DNS record will also contain the Public Key
2. The sender's Mail Gateway will cryptographically sign the outgoing E-Mail's contents (Headers and/or Body) using the Private Key and generates a hash/s (If both Body & Headers are signed, then two hashes are generated, one for the Body & other one for the Headers). The hash generated by the signing process is also sent along with the E-Mail. The E-Mail also contains information regarding which Headers have been signed. This is collectively known as a DKIM Signature
3. Upon receiving the message from the sender's Mail Gateway, the recipient's Mail Gateway will check for the DKIM Signature & accordingly calculate the Body or Headers hashes. (The sender will specify what has been signed as mentioned in the step 2.)
4. The recipient's Mail Gateway will perform a DNS lookup to obtain the sender's domain DKIM public key
5. After successfully receiving the public key, the recipient Mail Gateway will use the public key to decrypt the hashes that were sent along with the E-Mail
6. The recipient's Mail Gateway will check for the hash match. If the hashes calculated by the recipient's Mail Gateway (in step 3) match the hashes that were decrypted using the Public Key (in step 5), then it means that the E-Mail was not modified in the transit. According to the result, the recipient's Mail Gateway can decide if to drop or quarantine the E-Mail if the hashes do not match.
Real Life Examples: In the following image, you could see that an E-Mail received by my Gmail account from Trybe team has passed the DKIM check.
E-mail from Trybe Team passed the DKIM check
In the below image you could see an E-Mail that failed the DKIM check.
Conclusion: DKIM provides E-Mail integrity. It assists in fighting against the E-Mail Spoofing attacks. Also, do remember that the signing and verification processes are CPU intensive tasks, after enabling DKIM check on your Mail Gateways you might see some CPU spike depending upon the E-Mail volume.
I hope you find this helpful! Please feel free to provide your suggestion or opinions. Thanks :)
More articles from this author: http://dev1.trybe.one/members/prab636/blog/