Hello DKIM, Good-bye Spam? - How it Works
I’ve seen explanations of DKIM given using various levels of technical jargon, and I freely admit that I didn’t understand many of the more complicated ones. But if you understand the way Pretty Good Privacy works, you already have a fair idea of how DKIM works. Indeed, the PGP Corporation has been involved with DKIM, helping to create the standard.
So let’s take a look at the system in action. Suppose that eBay wants to send an email to some of its users about their accounts, and suppose that it uses DKIM. That means eBay’s outgoing mail server will add a digital signature to the message – usually embedded in the message headers, where human eyes won’t see it. The digital signature serves the same purpose as a human one; it’s proof that the mail came from the source it says it came from.
For this example, let’s assume that some of the recipients have Yahoo email accounts. The email travels to Yahoo’s mail servers, which automatically check the record published for eBay’s domain to make sure the digital signature is valid. If it is valid, the message goes forward; if not, it is probably spam and is flagged as such.
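The sign-and-verify exchange described above, as an added example that is not part of the original article. The domain `example.com`, the selector `s1`, the dictionary standing in for DNS, the insecure demo key and the simplified header handling (no canonicalization or header folding) are all assumptions made for illustration.

```python
import base64, hashlib

# Constructed demo key from two Mersenne primes: NOT secure, for illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
KLEN = (N.bit_length() + 7) // 8
# Stand-in for DNS. A real record at <selector>._domainkey.<domain> is a TXT
# string carrying the public key base64-encoded in its p= tag.
DNS = {"s1._domainkey.example.com": (N, E)}
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def b64(raw):
    return base64.b64encode(raw).decode()

def emsa(data):
    """PKCS#1 v1.5 encoding of SHA-256(data), returned as an integer."""
    t = SHA256_DIGESTINFO + hashlib.sha256(data).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (KLEN - len(t) - 3) + b"\x00" + t, "big")

def signed_bytes(headers, names, unsigned_tags):
    """Listed headers plus the DKIM-Signature header with an empty b= value."""
    lines = "".join(f"{n}:{headers.get(n, '')}\r\n" for n in names)
    return (lines + "dkim-signature:" + unsigned_tags).encode()

def sign(headers, body, domain="example.com", selector="s1"):
    """Sending server: hash the body, sign the headers, return the header value."""
    tags = (f"v=1; a=rsa-sha256; d={domain}; s={selector}; "
            f"h=from:subject; bh={b64(hashlib.sha256(body).digest())}; b=")
    sig = pow(emsa(signed_bytes(headers, ["from", "subject"], tags)), D, N)
    return tags + b64(sig.to_bytes(KLEN, "big"))

def verify(headers, body, dkim_value):
    """Receiving server: fetch the signer's key and check both hashes."""
    tags = dict(t.strip().split("=", 1) for t in dkim_value.split(";"))
    key = DNS.get(f"{tags['s']}._domainkey.{tags['d']}")
    if key is None or tags["bh"] != b64(hashlib.sha256(body).digest()):
        return False  # no published key, or the body was altered
    n, e = key
    unsigned = dkim_value[:len(dkim_value) - len(tags["b"])]
    expected = emsa(signed_bytes(headers, tags["h"].split(":"), unsigned))
    return pow(int.from_bytes(base64.b64decode(tags["b"]), "big"), e, n) == expected

# Constructed sample message.
HEADERS = {"from": "billing@example.com", "subject": "Your account"}
BODY = b"Your statement is ready.\r\n"
SIGNATURE = sign(HEADERS, BODY)
```

The receiver needs only the public half of the key, so a message whose body or signed headers change after signing, or whose signature was made up without the private key, fails the check.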
This system is better than using such methods as assembling a blacklist of spammers or identifying common traits of spam messages because it’s far harder to sidestep. Spammers have been able to defeat antispam technologies by spoofing addresses, inserting image ads into the text of messages and even appending excerpts from fictional works to defeat certain forms of spam filtering. They’ll have a harder time with DKIM, because digital signatures supposedly can’t be forged.
This may be great news, but there’s one key point to keep in mind: the system needs to be used by both the sender’s and recipient’s mail servers to be truly effective. It’s also worth remembering that this system won’t flag spam sent by a legitimate company. If the firm has a true DomainKeys record, and the signature in the email checks out against the key in that record, the system will send it on through.
What DKIM will do, however, is make it easier to track abusive domain owners. That alone can be a huge help in the battle against spam. While the system doesn’t automatically discard email messages with invalid signatures, once it is more widespread, ISPs and other email providers can proactively flag such messages, making it easier – and faster – to sort through that inbox.
More By Terri Wells