Questions about DomainKeys Identified Mail (DKIM)
DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message. The association is set up by means of a digital signature which can be validated by recipients. Responsibility is claimed by a signer —independently of the message's actual authors or recipients— by adding a DKIM-Signature: field to the message's header. The verifier recovers the signer's public key using the DNS, and then verifies that the signature matches the actual message's content.
A DKIM signature can cover other fields of a message's header, such as the From: and Subject: fields, and the message body (or its initial part). The DKIM-Signature field itself is always implicitly covered, and, besides the signature proper, contains other data identified by tags, such as the domain name, the list of covered fields, the signing algorithm, and the method by which text snippets are simplified for signing purposes (canonicalization). Thus, the strength of a DKIM-Signature can be tuned so as to allow those message modifications that are considered "normal". Note that DKIM is not designed to provide end-to-end integrity.
Prominent email service providers implementing DKIM include Yahoo, Gmail, and FastMail.FM. Any mail from these organizations should carry a DKIM signature.
bib ref : From Wikipedia, the free encyclopedia
