What makes an email authentic? First, it really came from the sender it says it came from. Second, its content was not tampered with during transmission. Visual inspection used to be enough to spot fake emails, but spammers' methods have grown sophisticated. Display names and email addresses can be spoofed convincingly, along with the message content. The good news is that there are simple yet effective ways to validate emails and reduce fraud attacks: DKIM, SPF, and DMARC. The bad news is that not many organizations include these in their email security strategy. Let’s try to change that by discussing DKIM in detail.
What is DKIM and how does it work?
By definition, DomainKeys Identified Mail (DKIM) is a method that authenticates emails through a pair of cryptographic keys – a public key published in a Domain Name System TXT record and a private key encrypted in a signature affixed to outgoing messages. Both keys are generated by the domain owner. After a message is received, the destination server extracts the signature and uses the public key from the domain owner to decrypt it. If the signature can be decrypted, the keys are match and the message is validated. Recipients of the message can trust its authenticity. If it can’t be decrypted, the message is either deleted or sent to the spam folder, depending on the local policies for messages that fail the signature test.
The DKIM signature
Before sending out messages, the domain owner decides which elements to add in the signature; these can be just some parts of the email header (like sender’s information), or most parts of the email header plus the message body. Once set, the elements should stay unchanged; otherwise, verification will fail. Next, a mail transfer agent (MTA) generates a hash value, which is a unique character string that represents the signature. The hash value is short enough to be inserted in the header of outgoing messages, and also encrypted by a private key known only to the domain owner.
Importance of DKIM
DKIM discourages spammers from spoofing and protects recipients from phishing attacks. In turn, it improves email deliverability and strengthens stakeholder trust. Suppose a retail company launches an email campaign about a new product line. Without authentication, messages are either marked as spam or not delivered to intended recipients, causing the company to lose business. Spammers can take the opportunity to create their own phishing emails based on the campaign, so there’s additional danger of confusing customers. Some recipients may think the fake messages are real and end up with a malware infection. Though it isn’t the company’s fault, its trustworthiness will still take a hit. DKIM works best when more organizations use it. Most messages will be authenticated, making it especially hard for spammers to spoof emails.
How Paubox can help
DKIM is a good first step in email authentication, and it can be done using Paubox Email Suite Plus. One of the hundreds of checks Paubox Email Suite Plus makes against incoming emails includes validating DKIM, SPF and DMARC records. But some spammers can still get around the signature test by using valid consumer platforms like Yahoo! and Gmail, so your inbox needs further protection like the advanced threat detection features Paubox Email Suite Plus offers. For example, ExecProtect stops display name spoofing attacks from reaching users. You can see ExecProtect in action for yourself with a free 14-day trial.