DKIM

DomainKeys Identified Mail

DKIM stands for “DomainKeys Identified Mail”. Let’s imagine we implemented DKIM for letter mail. It would look something like this.

You receive a letter with a sender’s address on it. Since you have received many letters with unsolicited or dangerous content in the past, you want to make sure that the letter really comes from the sender indicated on the envelope and is not a forgery by a criminal who wants to do you harm.

The letter is accepted at the front door; the person it is finally addressed to is inside the house, waiting for you to handle the acceptance.

You take the letter from the delivery person. The envelope is not sealed.

Therefore, you open the letter first (the deliverer is still standing at the front door, waiting patiently). Since the letter is secured with DKIM, inside the opened envelope you find the subject, text and attachments, which we will simply call the “content” in this example, together with another small sealed envelope.

You now run the entire “content” through your personal DKIM hash machine (let’s say this is a free app on your phone) by photographing it. The result of this effort is a number, e.g. 4711, which can be thought of as a fingerprint of the content.

You now look at the seal on the small envelope and send a photo of it to the website of the “central sender register” (DNS). The stamp on the seal (the domain’s signature) is thus matched against the pattern the sender has deposited in that register (the public key). If the register gives positive feedback on this check, you break the seal and find a number inside as well (the hash value of the content, as computed by the sender). You now compare the fingerprint you calculated with the one in the envelope. If this matches too, you know the following:

– The sending server “hashed” the content and sealed the hash with its signature.

– Since the seal was unbroken and matches the entry in the sender register, the sender is genuine.

– Since the hash you computed matches the hash value in the sealed envelope, the content was not changed along the way. Now you can accept the letter and give it to the person to whom it is addressed. If either value does not match, you return the letter to the deliverer and refuse to accept it.
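The front-door check above, written out as an added Go example (not code from the original page): the sender hashes the content and seals the hash with its private key, the verifier fetches the key from an in-memory stand-in for the DNS record at selector._domainkey.domain, recomputes the fingerprint of what actually arrived and checks the seal against it. The selector, domain and message text are constructed sample values; real DKIM canonicalizes headers and body and carries these values in a DKIM-Signature header, which this simplification leaves out.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// register is a constructed stand-in for the DNS "sender register": the
// lookup name selector._domainkey.domain maps to the sender's public key.
var register = map[string]*rsa.PublicKey{}

// PublishKey deposits the sender's public key where any verifier can find it.
func PublishKey(selector, domain string, pub *rsa.PublicKey) {
	register[selector+"._domainkey."+domain] = pub
}

// Sign is the sending server: hash the content, seal the hash with the private key.
func Sign(priv *rsa.PrivateKey, content []byte) ([]byte, error) {
	digest := sha256.Sum256(content)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// Verify is the front door: fetch the key from the register, recompute the
// fingerprint of what actually arrived, and check the seal against it.
func Verify(selector, domain string, content, seal []byte) error {
	pub, ok := register[selector+"._domainkey."+domain]
	if !ok {
		return errors.New("no DKIM record for " + selector + "._domainkey." + domain)
	}
	digest := sha256.Sum256(content)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], seal)
}

// Demo runs the exchange on a constructed message: original vs. altered in transit.
func Demo() (originalOK, tamperedOK bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	PublishKey("sel1", "example.com", &priv.PublicKey)
	msg := []byte("Subject: Invoice\r\n\r\nPlease pay 100 EUR.\r\n")
	seal, err := Sign(priv, msg)
	if err != nil {
		return false, false, err
	}
	tampered := []byte("Subject: Invoice\r\n\r\nPlease pay 900 EUR.\r\n")
	return Verify("sel1", "example.com", msg, seal) == nil, Verify("sel1", "example.com", tampered, seal) == nil, nil
}
```

A letter whose sender has no entry in the register fails the same way as a tampered one, which is the “refuse to accept” branch described above.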


Advantages of the method:

– The sending system can be uniquely identified.

– It can be checked whether the content remained unchanged along the way.


Disadvantages of the method:

– What happens to a message if the sender does not use DKIM? You receive a letter that anyone along the way could have modified, and the sender did not bother to sign it with DKIM. But the letter could still be authentic and intact, so what do you do: accept or reject?

– What happens to a message if the recipient does not use DKIM? Then the method was used for nothing. The recipient will still accept any letter, with or without a DKIM signature.

– The person who sends the mail (sender) cannot force DKIM to be used and does not know whether it was in use.

– The person who receives the mail (recipient) cannot see whether DKIM was in use. The DKIM check was done at the front door, but this information is not shown to the receiving person.