Make your emails more trusted with DKIM

Here’s how to set up DKIM and DomainKeys on Windows Server machines

email thinkstock

The war against spam has been a long one. Just as we get better filtering, spammers and phishers turn to more sophisticated techniques. We are even seeing ransomware attacks like Cryptolocker and Cryptowall become commonly spread over email. There must be a technical way to stop some of this, right?

There is an Internet authentication system -- DomainKeys, and its successor, DKIM -- that tries to mitigate some of the risk of trusting that emails are actually from who they say they are from. Strangely, though, this technology has not made its way into Microsoft Exchange. In this piece, I want to open the curtains on DomainKeys and DKIM, show how they work and why what they do is important, and then demonstrate how to use a free utility to set up DKIM on your on-premises Exchange servers.

email thinkstock

It all started back at Yahoo. (Yes, that is correct -- Yahoo was on the forefront of something other than Tumblr and micro acquisitions. Of course, lots of big data technology started at Yahoo -- so I guess it is not a wasteland of tech heydays gone by. But I digress.)

In 2007, Yahoo, which was still a big email service provider, was looking for a way to further clamp down on the immense amount of spam it had to deal with. What if there were a way to use domain names and specialized DNS records so that senders could verify that they actually sent a piece of mail -- as opposed to spammers and phishers inserting a legitimate email address into a message without the authorization or permission of its owner. Enter DomainKeys.

With DomainKeys, the owner or registrant of a domain generates an encryption key pair -- one public key and one private key -- and puts the public key in a special TXT record within its forward lookup zone at its public DNS server or servers. The private key is stored on the mail server and the server signs every outgoing message it sends with that private key. It adds that digital signature to a header within the email message, just like all of the other header information: sending server, all of the hops in between, date and time, mail client, antivirus updates, etc.

To continue reading this article register now

7 hot cybersecurity trends (and 2 going cold)