--> DKIM stands for DomainKeys Identified Mail. It is an authentication protocol that detects whether an email has been modified in transit (while it travels from your domain to the recipient's domain).
--> A valid DKIM signature helps ensure that certain parts of the email have not been modified.
--> DKIM works on the concept of asymmetric encryption (the use of private and public keys).
--> Private keys are stored on the email gateway or Exchange Server, and public keys are stored on the organization's public DNS server.
--> Once DKIM is enabled on the email gateway or Exchange Server, a hash value is generated for each outbound email and encrypted with the private key.
--> Once the receiving domain receives the email, it contacts the public DNS server of the sender's domain to get the public key and decrypt the hash value that was generated using the private key.
--> The public key is stored in the organization's public DNS server under the DKIM selector value.
--> The DKIM selector (also called a prefix selector) specifies the DNS location of the public key. Receiving servers use the prefix selector to find the public key.
--> The DKIM selector is specified using the “s=” tag in the DKIM-Signature header of the email.
--> The receiving side issues a DNS query for “selector”._domainkey.yourdomain.
--> A domain can have multiple DKIM records in DNS. Each DKIM key has a different DKIM selector, which is added to a message's DKIM signature.
--> The DKIM selector tells the receiving mail server which DKIM key should be used for validation.
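
The selector lookup described above, as an added example that is not part of the original post: it parses a DKIM-Signature header, builds the DNS name a receiver would query from the "s=" and "d=" tags, and reads the public key out of the TXT record. The domain example.com, the selector mail2024 and all base64 values are constructed, and the code does not perform the DNS query or verify the signature.

```python
import re

# Constructed sample header and DNS TXT record (not from a real message).
SAMPLE_HEADER = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
    "\ts=mail2024; h=from:to:subject:date; bh=Y29uc3RydWN0ZWQgYm9keQ==;\r\n"
    "\tb=Y29uc3RydWN0ZWQg\r\n\t c2lnbmF0dXJl"
)
SAMPLE_TXT = "v=DKIM1; k=rsa; p=Y29uc3RydWN0ZWQgcHVibGljIGtleQ=="
REQUIRED = ("v", "a", "b", "bh", "d", "h", "s")  # required by RFC 6376

def parse_tag_list(value):
    """Parse 'tag=value; tag=value' into a dict, rejecting duplicates."""
    tags = {}
    for part in value.split(";"):
        if not part.strip():
            continue  # trailing ';' is allowed
        name, sep, val = part.partition("=")  # split on first '=' only
        name = name.strip()
        if not sep or not name:
            raise ValueError(f"malformed tag: {part!r}")
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        tags[name] = val.strip()
    return tags

def parse_dkim_signature(header):
    """Return the tags of one DKIM-Signature header (may be folded)."""
    field, _, value = header.partition(":")
    if field.strip().lower() != "dkim-signature":
        raise ValueError("not a DKIM-Signature header")
    tags = parse_tag_list(re.sub(r"\r?\n[ \t]+", " ", value))  # undo folding
    missing = [t for t in REQUIRED if t not in tags]
    if missing:
        raise ValueError(f"missing required tags: {missing}")
    for t in ("b", "bh"):  # whitespace inside base64 values is ignored
        tags[t] = re.sub(r"\s+", "", tags[t])
    return tags

def key_query_name(tags):
    """DNS name queried for the public key: <s>._domainkey.<d>."""
    return f"{tags['s']}._domainkey.{tags['d']}"

def public_key_from_record(txt):
    """Return the base64 public key (p=) from a key record; empty means revoked."""
    p = parse_tag_list(txt).get("p")
    if not p:
        raise ValueError("key record has no usable p= (missing or revoked)")
    return re.sub(r"\s+", "", p)
```

A receiver treats a record with an empty "p=" as a revoked key, so a signature that points at that selector fails validation.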