Friday, October 30, 2009

DKIM to help fight SPAM

Have you ever heard of DKIM? Duh, DKIM, what's this?

http://www.dkim.org/

DomainKeys Identified Mail (DKIM) lets an organization take responsibility for a message while it is in transit. The organization is a handler of the message, either as its originator or as an intermediary. Their reputation is the basis for evaluating whether to trust the message for delivery. Technically, DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication.

It's similar to SPF (Sender Policy Framework).
SPF works by having domains publish reverse MX records to display which machines are designated as mail sending machines for that domain. When receiving a message from a domain, the recipient can check those records to make sure mail is coming from a designated sending machine.

For DKIM,
DomainKeys (DKIM) enables a sending domain to cryptographically sign outgoing messages, allowing the sending domain to assert responsibility for a message. When receiving a message from a domain, the recipient can check the signature of the message to verify that the message is, indeed, from the sending domain and that the message has not been tampered with.
It seems to help with the SMTP weakness exploited by spammers.

http://www-128.ibm.com/developerworks/lotus/library/ls-Conversion_Services/

http://www.faqs.org/rfcs/

An SMTP mail has at least two parts, the envelope and the content. The envelope defines from whom the mail is coming and to whom it should be delivered. In the content is defined what sender and recipient should be shown in the mail client (doesn't matter what kind of mail client you use).

Usually both entries are the same. Spammers, however, abuse this weakness by entering real recipient addresses only in the envelope, whereas the content has completely different entries. Domino (like every other mail system) uses the envelope information to route the emails. Unfortunately, the envelope information is deleted by the router as soon as the email has left the mail.box. The result is that the recipient gets an email without being listed in any field (To, Copy or Blindcopy). This behaviour is according to the RFC standard for SMTP, because otherwise no blind-copy functionality would be possible.
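The envelope/content mismatch described above can be checked mechanically when the envelope is still available (for example at the receiving gateway). The following is an added example, not code from this post or from any product it mentions: all addresses, domains and the message are constructed, the function names are hypothetical, and it only compares identities; it does not verify the DKIM signature cryptographically.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample: what the SMTP session said (envelope) vs. what the client shows (content).
ENVELOPE_FROM = "bounce@bulk.example.net"
ENVELOPE_RCPTS = ["user@corp.example.org"]
RAW_MESSAGE = (
    "From: Support <support@bank.example.com>\r\n"
    "To: undisclosed@lists.example.net\r\n"
    "Subject: Account notice\r\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=bulk.example.net; s=sel1;\r\n"
    " h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\r\n"
    "\r\n"
    "Body text\r\n"
)

def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def parse_dkim_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def compare_envelope_and_content(env_from, env_rcpts, raw):
    """Report where envelope, visible headers and DKIM signing domain disagree."""
    msg = message_from_string(raw)
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    shown = {a.lower() for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    sig = msg.get("DKIM-Signature")
    d = parse_dkim_tags(sig).get("d", "").lower() if sig else None
    return {
        "header_from_domain": from_domain,
        "envelope_from_domain": domain_of(env_from),
        "envelope_matches_header": domain_of(env_from) == from_domain,
        # Envelope recipients absent from To/Cc: legitimate for Bcc, also typical of spam.
        "rcpts_not_in_headers": [r for r in env_rcpts if r.lower() not in shown],
        "dkim_d": d,
        # A valid signature only vouches for d=; it says nothing about an unrelated From domain.
        "dkim_d_matches_from": d is not None and (from_domain == d or from_domain.endswith("." + d)),
    }
```

On the constructed message, the signing domain and the envelope sender agree with each other but not with the address the mail client displays, which is the gap a receiver has to evaluate in addition to checking the signature itself.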

Do you use it? Do you see performance impacts?

We currently use Barracuda; we can enable it, but from the documentation it seems that it could have performance impacts.

5 comments:

Chuck Norris said...

I like your blog :)
