Hello DKIM, Good-bye Spam? - How it Works
(Page 2 of 4 )
Iíve seen explanations of DKIM given using various levels of technical jargon, and I freely admit that I didnít understand many of the more complicated ones. But if you understand the way Pretty Good Privacy works, you already have a fair idea of how DKIM works. Indeed, the PGP Corporation has been involved with DKIM, helping to create the standard.
So letís take a look at the system in action. Suppose that eBay wants to send an email to some of their users about their accounts. And suppose that it uses DKIM. That means eBayís outgoing mail server will add a digital signature to the message Ė usually embedded in the message headers, where human eyes wonít see it. The digital signature serves the same purpose as a human one; itís proof that the mail came from the source it says it came from.
For this example, letís assume that some of the recipients have Yahoo email accounts. The email travels to Yahooís mail servers, which automatically check eBayís domain listing to make sure the digital signature is valid. If it is valid, the message goes forward; if not, it is probably spam and flagged as such.
This system is better than using such methods as assembling a blacklist of spammers or identifying common traits of spam messages because itís far harder to sidestep. Spammers have been able to defeat antispam technologies by spoofing addresses, inserting image ads into the text of messages and even appending excerpts from fictional works to defeat certain forms of spam filtering. Theyíll have a harder time with DKIM, because digital signatures supposedly canít be forged.
This may be great news, but thereís one key point to keep in mind: the system needs to be used by both the senderís and recipientís mail servers to be truly effective. Itís also worth remembering that this system wonít flag spam sent by a legitimate company. If the firm has a true DomainKeys record, and the key in the email matches, the system will send it on through.
What DKIM will do, however, is make it easier to track abusive domain owners. That alone can be a huge help in the battle against spam. While the system doesnít automatically discard email messages with invalid signatures, once it is more widespread, ISPs and other email providers can proactively flag such messages, making it easier Ė and faster Ė to sort through that inbox.
More Web Hosting News Articles
More By Terri Wells