Presentation is loading. Please wait.

Presentation is loading. Please wait.

DKIM https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html.

Published byJack Bryan Modified over 9 years ago

Similar presentations

Presentation on theme: "DKIM https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html."— Presentation transcript:

1 DKIM https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

2 Email authentication - DKIM 1 DKIM checks the message content, deploying digital signatures. Rather than using digital certificates, the keys for signature-verification are distributed via the DNS. That way, a message gets associated to a domain name. https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

3 Email authentication - DKIM 1 A DKIM-compliant ADMD generates one or more pairs of Asymmetric key algorithm|asymmetric keys, then hands private keys to the signing MTA, and publishes public keys on the DNS https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

4 Email authentication - DKIM 1 The purpose of a DKIM-signature is not to assure message integrity. Often, it does not even guarantee that a message author's data, as per a signed From: field, has a real name or a valid mailbox. The parts to be signed are chosen so as to identify the message unequivocally. A valid signature just states that the message did actually flow through a box operated by that ADMD. https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

5 Email authentication - DKIM 1 While intermediate relays usually can add header fields without breaking existing DKIM-signatures, changing character set, adding a tag to the subject, adding a footer, or fixing the MIME structure of a message are likely to break them https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

6 Dkim 1 'DomainKeys Identified Mail' ('DKIM') is an email validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain name|domain is authorized by that domain's administrators. A digital signature included with the message can be validated by the recipient using the signer's public-key cryptography|public key published in domain name system|the DNS. https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

7 Dkim 1 DKIM is the result of merging 'DomainKeys' and 'Internet Identified Mail'. This merged specification has been the basis for a series of IETF #External links|standards-track specifications and support documents which eventually resulted in Internet standard|STD [http://datatracker.ietf.org/doc/STD76?inclu de_text=1 76]. https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

8 Dkim 1 [http://blog.fastmail.fm/2009/08/13/all- outbound-email-now-being-dkim-signed/ All outbound email now being DKIM signed] https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

9 Dkim - Overview 1 In most cases, the signing module acts on behalf of the 'author' organization or the originating service provider by inserting a 'DKIM-Signature:' header field https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

10 Dkim - Overview 1 DKIM is independent of Simple Mail Transfer Protocol (SMTP) routing aspects in that it operates on the RFC 5322 message -- the transported mail's header and body -- not the SMTP envelope defined in RFC 5321. Hence the DKIM signature survives basic relaying across multiple MTAs. https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

11 Dkim - Overview 1 DKIM allows the signer to distinguish its legitimate mail stream. It does not directly prevent or disclose abusive behavior. https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

12 Dkim - Overview 1 This ability to distinguish legitimate mail from potentially forged mail has benefits for recipients of e-mail as well as senders, and DKIM awareness is programmed into some e-mail software. https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

13 Dkim - How it works 1 The DKIM-Signature header field consists of a list of tag=value parts https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

14 Dkim - How it works 1 Note that the DKIM-Signature header field itself is always implicitly included in 'h'. https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

15 Dkim - Development 1 In September 2011, RFC 6376 merged and updated the latter two documents, while preserving the substance of the DKIM protocol https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

16 Dkim - Development 1 DKIM was initially produced by an informal industry consortium and was then submitted for enhancement and standardization by the IETF DKIM Working Group, chaired by Barry Leiba and Stephen Farrell, with https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

17 Dkim - Development 1 Source code development of one common library is led by 'The OpenDKIM Project', following the most recent protocol additions, and licensing under the BSD licenses#3-clause license (New BSD License)|New BSD License. https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

18 Dkim - Patent encumbrance 1 DomainKeys is covered by assigned to Yahoo! Inc. For the purpose of the DKIM IETF Working Group, Yahoo! released the now obsolete DK library under a dual license scheme: the DomainKeys Patent License Agreement v1.2, an unsigned version of which can still be found, and GNU General Public License v2.0 (and no other version). https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

19 Dkim - Advantages 1 * It allows a great reduction in abuse desk work for DKIM-enabled domains if e-mail receivers use the DKIM system to identify forged e-mail messages claiming to be from that domain. https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

20 Dkim - Use with spam filtering 1 However, widespread use of DKIM can prevent spammers from forging the source address of their messages, a technique they commonly employ today. https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

21 Dkim - Anti-phishing 1 DKIM can be useful as an anti-phishing technology. Mailers in heavily phished domains can sign their mail to show that it is https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

22 Dkim - Anti-phishing 1 genuine. Recipients can take the absence of a valid signature on mail from those domains to be an indication that the mail is probably forged. The best way to determine the set of domains that merit this degree of scrutiny remains an open question; DKIM has an optional feature called Author Domain Signing Practices|ADSP that lets authors that sign all their mail self-identify, but the effectiveness of this approach remains questionable: https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

23 Dkim - Anti-phishing 1 Working with eBay and PayPal, Google has effectively utilized DKIM in GMail in such a way that any e-mail that claims to be coming from ebay.com or PayPal.com will not be accepted at all if they cannot be verified successfully with DKIM. Such messages won't even appear in the Spam folder. Heavily phished domains that deserve such treatment are few in number, far less than those who publish strict policies. https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

24 Dkim - Compatibility 1 Because it is implemented using DNS records and an added RFC 5322 header field, DKIM is compatible with the existing e-mail infrastructure. In particular, it is transparent to existing e-mail systems that lack DKIM support. https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

25 Dkim - Protocol overhead 1 DKIM requires cryptographic checksums to be generated for each message sent through a mail server, which results in overhead (computing)|computational overhead not otherwise required for e-mail delivery https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

26 Dkim - Protocol overhead 1 This facet of DKIM may look similar to hashcash, except that the receiver side verification is not a negligible amount of work. https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

27 Dkim - Weaknesses 1 DKIM signatures do not encompass the message envelope, which holds the return-path and https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

28 Dkim - Weaknesses 1 message recipients. Since DKIM does not attempt to protect against mis-addressing, this does not affect its utility. https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

29 Dkim - Arbitrary forwarding 1 As mentioned above, authentication is not the same as abuse prevention: DKIM doesn't prevent a spammer from composing an ad at a reputable domain so as to obtain a signed copy of the message https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

30 Dkim - Content modification 1 in format=flowed the quotes can be legally removed, which breaks DKIM signatures https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

31 Dkim - Content modification 1 The OpenDKIM Project organized a data collection involving 21 mail servers and millions of messages. Only '92.3% of observed signatures were successfully verified', a success rate that drops slightly (90.5%) when only mailing list traffic is considered. https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

32 Dkim - Annotations by mailing lists 1 These problems are exacerbated when filtering or relaying software adds actual changes to a message. Although legitimate, the footer addition operated by most Electronic mailing list|mailing lists and many central Antivirus software|antivirus solutions, formally, are exactly the kind of message tampering that DKIM has been designed to guard against. https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

33 Dkim - Annotations by mailing lists 1 by DKIM. https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

34 Dkim - Annotations by mailing lists 1 Some suggest that these limitations could be addressed by combining DKIM with SPF, because SPF (which breaks when messages are forwarded) is immune to modifications of the e-mail data, and mailing lists typically use their own SMTP error address, also known as Return-Path. In short, SPF works without problems where DKIM might run into difficulties, and vice versa. https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

35 Dkim - 2012 usage vulnerability 1 [http://www.wired.com/threatlevel/2012/10/ dkim-vulnerability-widespread How a Google Headhunter’s E-Mail Unraveled a Massive Net Security Hole] https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

36 For More Information, Visit: https://store.theartofservice.co m/itil-2011-foundation- complete-certification-kit- fourth-edition-study-guide- ebook-and-online-course.html https://store.theartofservice.co m/itil-2011-foundation- complete-certification-kit- fourth-edition-study-guide- ebook-and-online-course.html The Art of Service https://store.theartofservice.com

Download ppt "DKIM https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html."

Similar presentations

Basic Communication on the Internet:

Basic Communication on the Internet:
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Addressing spam email and enforcing a Do Not Email Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.

Addressing spam and enforcing a Do Not Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.
Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.

Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
DNSSEC & Email Validation Tiger Team DHS Federal Network Security (FNS) & Information Security and Identity Management Committee (ISIMC) Earl Crane Department.

DNSSEC & Validation Tiger Team DHS Federal Network Security (FNS) & Information Security and Identity Management Committee (ISIMC) Earl Crane Department.
© 2007 Convio, Inc. Implementation of Sender ID Bill Pease, Chief Scientist Convio.

© 2007 Convio, Inc. Implementation of Sender ID Bill Pease, Chief Scientist Convio.
D. CrockerIntroduction to BATV 1 MIPA Bounce Address Tag Validation (BATV) “Was use of the bounce address authorized?” D. Crocker Brandenburg InternetWorking.

D. CrockerIntroduction to BATV 1 MIPA Bounce Address Tag Validation (BATV) “Was use of the bounce address authorized?” D. Crocker Brandenburg InternetWorking.
1 Aug. 3 rd, 2007Conference on Email and Anti-Spam (CEAS’07) Slicing Spam with Occam’s Razor Chris Fleizach, Geoffrey M. Voelker, Stefan Savage University.

1 Aug. 3 rd, 2007Conference on and Anti-Spam (CEAS’07) Slicing Spam with Occam’s Razor Chris Fleizach, Geoffrey M. Voelker, Stefan Savage University.
DomainKeys Identified Mail (DKIM): Introduction and Overview Eric Allman Chief Science Officer Sendmail, Inc.

DomainKeys Identified Mail (DKIM): Introduction and Overview Eric Allman Chief Science Officer Sendmail, Inc.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Lesson 7: Business, , & Personal Information Management

Lesson 7: Business, , & Personal Information Management
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Information Security of Embedded Systems 3.2.2010: Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.

Information Security of Embedded Systems : Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.
What’s New in WatchGuard XCS 10.0 Update 3 WatchGuard Training.

What’s New in WatchGuard XCS 10.0 Update 3 WatchGuard Training.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Email Security Jonathan Calazan December 12, 2005.

Security Jonathan Calazan December 12, 2005.
Domain Name System Security Extensions (DNSSEC) Hackers 2.

Domain Name System Security Extensions (DNSSEC) Hackers 2.
Architecture of Email SMTP, POP, IMAP, MIME.

Architecture of SMTP, POP, IMAP, MIME.

Similar presentations

Ads by Google