Home / Blogs

Searching for Truth in DKIM: Part 3 of 5

J.D. Falk

Last year, MAAWG published a white paper titled Trust in Email Begins with Authentication [PDF], which explains that authentication (DKIM) is "[a] safe means of identifying a participant-such as an author or an operator of an email service" while reputation is a "means of assessing their trustworthiness."

Reputation systems based on IP addresses, including Return Path's Sender Score, are used by many ISPs and anti-spam vendors to determine which mail to accept, which to reject, and which to subject to additional filtering before making a delivery decision. There, the identifier is the IP address.

The reason this sort of reputation works for delivery decisions is that it's an attempt to predict whether the sender of a message can be trusted to send mail that the recipients want — or, more accurately, whether the IP address of a message can be trusted to send mail that the recipients won't complain about. We also mix in the concept of safety, largely in the form of how likely it is that the IP address is sending phishing scams or similar bad stuff.

In part 1 of this series, we described how the DKIM "d=" identifier brings us closer to knowing who sent a message, because it can be tied to the company or person who registered that domain name.

Reputation or certification based on the DKIM d= identifier will have the same goal — and will be more effective, because it will be tied to the signing entity rather than a single IP address. When ADSP is applied, that signing entity could be the author domain (see part 2). If not, it's still a useful method for determining whether to trust the message. Any d= domain who regularly signs trusted messages becomes trustworthy, and vice versa.

Plus, d= reputation is portable — the owner of the d= domain can use that same identifier on multiple IP addresses, even bringing it to a different ESP (as we described in part 2), without having to start over from scratch or to "warm up" IPs.

While not absolutely perfect, reputation and certification based on d= will be far more accurate, effective, and convenient than when it's based solely on the IP address. But, does a trustworthy d= domain indicate a truthful message? Stay tuned for part 4.

(This article was originally published by Return Path)

By J.D. Falk, Internet Standards and Governance. More blog posts from J.D. Falk can also be read here.

Related topics: Domain Names, Email, Security, Spam

 
   
WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Industry Updates – Sponsored Posts

Meet Boston Ivy, Home to Some of the Most Specialized TLDs in the Financial Services Sector

Move Beyond Defensive Domain Name Registrations, Towards Strategic Thinking

Is Your TLD Threat Mitigation Strategy up to Scratch?

Verisign Launches New gTLDs for the Korean Market, .닷컴 and .닷넷

Verisign Opens Landrush Program Period for .コム Domain Names

Domain Management Handbook from MarkMonitor

i2Coalition to Host First Ever Smarter Internet Forum

An Update on Port25 and the Future of PowerMTA - One Year Later​

Afilias Announces Relaunch of .GREEN TLD

Encrypting Inbound and Outbound Email Connections with PowerMTA

New .PROMO Domain Sunrise Period Begins Today

Minds + Machines Group Announces Outsourcing Agreements, Web Address Change

.STORE Opens its Doors to Brands

Resilient Cybersecurity: Dealing with On-Premise, Cloud-Based and Hybrid Security Complexities

V12 Group Sustains Customer Satisfaction by Deploying PowerMTA for Launchpad Platform

Verisign Releases Q4 2015 DDoS Trends - DDoS Attack Activity Increasing by 85% Year Over Year

February Biggest Month to Date for Radix, Over 750K Domain Registrations

Best Practices from Verizon - Proactively Mitigating Emerging Fraudulent Activities

Radix & WHMCS Offer Free .HOST Domains to All WHMCS Customers

New .BET Domain Now Available to the Public

Sponsored Topics

Port25

Email

Sponsored by
Port25
Afilias

DNS Security

Sponsored by
Afilias
Afilias - Mobile & Web Services

Mobile

Sponsored by
Afilias - Mobile & Web Services
Verisign

Security

Sponsored by
Verisign