Domain Keys Identified Mail and DomainKeys: Third in 3-Part Series on E-Mail Authentication
E-mail authentication's importance has been discussed often in the media, at industry trade shows and in blogs. However, before you begin an e-mail authentication program, you are going to need to separate fact from fiction. In this three-part series, Knowledge Center contributor Ellen Siegel explains what e-mail authentication is, why e-mail authentication is important, how e-mail authentication works and what exactly you need to do to authenticate your e-mail.Editor's Note: In Part 1 of her three-part series on e-mail authentication, Knowledge Center contributor Ellen Siegel shared a comprehensive, high-level overview of e-mail authentication. In Part 2, Ellen delved into the functionality and implementation details of Sender Policy Framework (SPF) and Sender ID authentication. Here, in Part 3, Ellen delves into the functionality and technical details of Domain Keys Identified Mail (DKIM). Domain Keys Identified Mail (DKIM) is the standards track protocol for cryptographic e-mail authentication and is imperative for new implementations. It supersedes DomainKeys, so this article will focus there. The only reason to implement DomainKeys for outbound mail is if you're sending mail to one of the few domains that still validate Domain Keys and have not upgraded to DKIM (currently Yahoo is the main receiver in this category).
Unlike Sender ID and Sender Policy Framework (SPF), implementing DKIM and DomainKeys does require changes to sender mail processing. The good news is that very few people actually do their own implementation. The more common approach is to either outsource your e-mail, or to identify an open-source or commercial implementation that is compatible with the mail server you use and integrate it into your deployment.