1070:, without control. The email provider who signed the message can block the offending user, but cannot stop the diffusion of already-signed messages. The validity of signatures in such messages can be limited by always including an expiration time tag in signatures, or by revoking a public key periodically or upon a notification of an incident. Effectiveness of the scenario can hardly be limited by filtering outgoing mail, as that implies the ability to detect if a message might potentially be useful to spammers.
1189:
corporate domain, as well as several other high-profile domains. He stated that authentication with 384-bit keys can be factored in as little as 24 hours "on my laptop," and 512-bit keys, in about 72 hours with cloud computing resources. Harris found that many organizations sign email with such short
681:
An Agent or User
Identifier (AUID) can optionally be included. The format is an email address with an optional local-part. The domain must be equal to, or a subdomain of, the signing domain. The semantics of the AUID are intentionally left undefined, and may be used by the signing domain to establish
1308:
of Yahoo! and enhanced through comments from many others since 2004. It is specified in
Historic RFC 4870, superseded by Standards Track RFC 4871, DomainKeys Identified Mail (DKIM) Signatures; both published in May 2007. A number of clarifications and conceptualizations were collected thereafter and
1061:
As mentioned above, authentication is not the same as abuse prevention. A malicious email user of a reputable domain can compose a bad message and have it DKIM-signed and sent from that domain to any mailbox from where they can retrieve it as a file, so as to obtain a signed copy of the message. Use
913:
to better identify spam. Conversely, DKIM can make it easier to identify mail that is known not to be spam and need not be filtered. If a receiving system has a whitelist of known good sending domains, either locally maintained or from third party certifiers, it can skip the filtering on signed mail
926:
technology. Mailers in heavily phished domains can sign their mail to show that it is genuine. Recipients can take the absence of a valid signature on mail from those domains to be an indication that the mail is probably forged. The best way to determine the set of domains that merit this degree of
821:
tag) to then validate the signature on the hash value in the header field, and check it against the hash value for the mail message (headers and body) that was received. If the two values match, this cryptographically proves that the mail was signed by the indicated domain and has not been tampered
1019:
tag on each signature, which establishes a formal expiration time; however, verifiers can ignore it. In addition, domain owners can revoke a public key by removing its cryptographic data from the record, thereby preventing signature verification unless someone saved the public key data beforehand.
1495:
Receivers who successfully verify a signature can use information about the signer as part of a program to limit spam, spoofing, phishing, or other undesirable behaviors. DKIM does not, itself, prescribe any specific actions by the recipient; rather, it is an enabling technology for services that
467:, with the goal of convincing the recipient to accept and to read the email—and it is difficult for recipients to establish whether to trust this message. System administrators also have to deal with complaints about malicious email that appears to have originated from their systems, but did not.
1045:
abuse, which bypasses techniques that currently limit the level of abuse from larger domains. Replay can be inferred by using per-message public keys, tracking the DNS queries for those keys and filtering out the high number of queries due to e-mail being sent to large mailing lists or malicious
908:
DKIM is a method of labeling a message, and it does not itself filter or identify spam. However, widespread use of DKIM can prevent spammers from forging the source address of their messages, a technique they commonly employ today. If spammers are forced to show a correct source domain, other
1309:
specified in RFC 5672, August 2009, in the form of corrections to the existing specification. In
September 2011, RFC 6376 merged and updated the latter two documents, while preserving the substance of the DKIM protocol. Public key compatibility with the earlier DomainKeys is also possible.
1196:
stated that Harris reported, and Google confirmed, that they began using new longer keys soon after his disclosure. According to RFC 6376 the receiving party must be able to validate signatures with keys ranging from 512 bits to 2048 bits, thus usage of keys shorter than 512 bits might be
1145:. For yet another workaround, it was proposed that forwarders verify the signature, modify the email, and then re-sign the message with a Sender: header. However, this solution has its risk with forwarded third party signed messages received at SMTP receivers supporting the RFC 5617
1020:
DKIM key rotation is often recommended just to minimize the impact of compromised keys. However, in order to definitely disable non-repudiation, expired secret keys can be published, thereby allowing everyone to produce fake signatures, thus voiding the significance of original ones.
825:
Signature verification failure does not force rejection of the message. Instead, the precise reasons why the authenticity of the message could not be proven should be made available to downstream and upstream processes. Methods for doing so may include sending back an
884:
The primary advantage of this system for e-mail recipients is in allowing the signing domain to reliably identify a stream of legitimate email, thereby allowing domain-based blacklists and whitelists to be more effective. This is also likely to make certain kinds of
1964:
Your policy can be strict or relaxed. For example, eBay and PayPal publish a policy requiring all of their mail to be authenticated in order to appear in someone's inbox. In accordance with their policy, Google rejects all messages from eBay or PayPal that aren't
1190:
keys; he factored them all and notified the organizations of the vulnerability. He states that 768-bit keys could be factored with access to very large amounts of computing power, so he suggests that DKIM signing should use key lengths greater than 1,024.
743:
Algorithms, fields, and body length are meant to be chosen so as to assure unambiguous message identification while still allowing signatures to survive the unavoidable changes which are going to occur in transit. No end-to-end data integrity is implied.
1113:
The OpenDKIM Project organized a data collection involving 21 mail servers and millions of messages. 92.3% of observed signatures were successfully verified, a success rate that drops slightly (90.5%) when only mailing list traffic is considered.
807:"k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDmzRmJRQxLEuyYiyMg4suA2Sy MwR5MGHpP9diNT1hRiwUd/mZp1ro7kIDTKS8ttkI6z6eTRW9e9dDOxzSxNuXmume60Cjbu08gOyhPG3 GfWdg7QkdN6kR4V75MFlw624VY35DaXBvnlTJTgRg/EW72O1DiYVThkyCgpSYS8nmEQIDAQAB"
1164:
authentication system designed to allow an intermediate mail server like a mailing list or forwarding service to sign an email's original authentication results. This allows a receiving service to validate an email when the email's
1716:
nor revocation lists involved in DKIM key management, and the selector is a straightforward method to allow signers to add and remove keys whenever they wish – long lasting signatures for archival purposes are outside DKIM's
959:
Because it is implemented using DNS records and an added RFC 5322 header field, DKIM is compatible with the existing e-mail infrastructure. In particular, it is transparent to existing e-mail systems that lack DKIM support.
991:
not otherwise required for e-mail delivery. This additional computational overhead is a hallmark of digital postmarks, making sending bulk spam more (computationally) expensive. This facet of DKIM may look similar to
1823:
The reference to the GPL looks to me like it only covers the old
Sourceforge DK library, which I don't think anyone uses any more. The patent, which is what's important, is covered by a separate license that Yahoo
492:(SMTP) routing aspects, in that it operates on the RFC 5322 message—the transported mail's header and body—not the SMTP "envelope" defined in RFC 5321. Hence, DKIM signatures survive basic relaying across multiple
440:) have not been modified since the signature was affixed. Usually, DKIM signatures are not visible to end-users, and are affixed or verified by the infrastructure rather than the message's authors and recipients.
1933:
The DMARC standard states in
Section 6.7, "Policy Enforcement Considerations," that if a DMARC policy is discovered the receiver must disregard policies advertised through other means such as SPF or ADSP.
1266:
Discussions about DKIM signatures passing through indirect mail flows, formally in the DMARC working group, took place right after the first adoptions of the new protocol wreaked havoc on regular
1122:
The problems might be exacerbated when filtering or relaying software makes changes to a message. Without specific precaution implemented by the sender, the footer addition operated by most
2025:
559:| Subject:demo=20run|Date:July=205,=202005=203:44:08=20PM=20-0700; bh=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=; b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav+yuU4zGeeruD00lszZ VoG4ZHRNiYzR
896:
It allows a great reduction in abuse desk work for DKIM-enabled domains if e-mail receivers use the DKIM system to identify forged e-mail messages claiming to be from that domain.
872:
provides the ability for an organisation to publish a policy that specifies which mechanism (DKIM, SPF, or both) is employed when sending email from that domain; how to check the
1273:
In 2017, another working group was launched, DKIM Crypto Update (dcrup), with the specific restriction to review signing techniques. RFC 8301 was issued in
January 2018. It bans
1015:
Many consider non-repudiation a non-wanted feature of DKIM, forced by behaviors such as those just described. Indeed, DKIM protocol provides for expiration. There is an optional
1247:
Aspects of DomainKeys, along with parts of
Identified Internet Mail, were combined to create DomainKeys Identified Mail (DKIM). Trendsetting providers implementing DKIM include
1555:
Verifying the signature asserts that the hashed content has not changed since it was signed and asserts nothing else about "protecting" the end-to-end integrity of the message.
1197:
incompatible and shall be avoided. RFC 6376 also states that signers must use keys of at least 1024 bits for long-lived keys, though long-livingness is not specified there.
2648:
2284:
DKIM WG opted for canonical form simplicity over a canonical form that's robust in the face of encoding changes. It was their engineering choice to make and they made it.
381:
1138:
header. Anything added beyond the specified length of the message body is not taken into account while calculating DKIM signature. This won't work for MIME messages.
1703:
Signing modules use the private half of a key-pair to do the signing, and publish the public half in a DNS TXT record as outlined in the "Verification" section below.
513:, site, or further intermediary along the transit path, or an indirect handler such as an independent service that is providing assistance to a direct handler.
2526:
141:
939:
and DKIM) they employ, which makes it easier for the receiver to make an informed decision whether a certain mail is spam or not. For example, using DMARC,
2729:
1370:
In
February 2024, Google started requiring bulk senders to authenticate their emails with DKIM to successfully deliver emails to Google-hosted mailboxes.
1278:
2713:
1367:
Email providers are increasingly requiring senders to implement email authentication in order to successfully deliver mail to their users' mailboxes.
697:
fields are inserted in the header. A non-existing field matches the empty string, so that adding a field with that name will break the signature. The
685:
Both header and body contribute to the signature. First, the message body is hashed, always from the beginning, possibly truncated to a given length
1130:
solutions will break the DKIM signature. A possible mitigation is to sign only designated number of bytes of the message body. It is indicated by
1066:
tag in signatures makes doctoring such messages even easier. The signed copy can then be forwarded to a million recipients, for example through a
2022:
876:
field presented to end users; how the receiver should deal with failures—and a reporting mechanism for actions performed under those policies.
2513:
DKIM was produced by an industry consortium in 2004. It merged and enhanced DomainKeys, from Yahoo! and
Identified Internet Mail, from Cisco.
996:, except that the receiver side verification is a negligible amount of work, while a typical hashcash algorithm would require far more work.
374:
101:
1173:
records are rendered invalid by an intermediate server's processing. ARC is defined in RFC 8617, published in July 2019, as "Experimental".
756:
server wanting to verify uses the domain name and the selector to perform a DNS lookup. For example, given the example signature above: the
1008:
feature prevents senders (such as spammers) from credibly denying having sent an email. It has proven useful to news media sources such as
231:
226:
196:
1373:
Similarly in
February 2024, Yahoo started requiring bulk senders to implement SPF and DKIM to successfully deliver emails to Yahoo users.
1802:
792:
Note that the selector and the domain name can be UTF-8 in internationalized email. In that case the label must be encoded according to
455:
The need for email validated identification arises because forged addresses and content are otherwise easily created—and widely used in
56:
2072:
1185:
reported that mathematician Zach Harris detected and demonstrated an email source spoofing vulnerability with short DKIM keys for the
303:
246:
171:
313:
283:
899:
The domain owner can then focus its abuse team energies on its own users who actually are making inappropriate use of that domain.
3042:
2928:
1312:
DKIM was initially produced by an informal industry consortium and was then submitted for enhancement and standardization by the
367:
298:
91:
2831:
2793:
2645:
2618:
2391:
2342:
2314:
2218:
1984:
1738:
1663:
1627:
1526:
1466:
1388:
1313:
1146:
928:
2665:
3052:
474:
organization) to communicate which email it considers legitimate. It does not directly prevent or disclose abusive behavior.
116:
106:
713:— if it does, it refers to another, preexisting signature. For both hashes, text is canonicalized according to the relevant
2682:
RFC 4870 ("Domain-Based Email Authentication Using Public Keys Advertised in the DNS (DomainKeys)"; obsoleted by RFC 4871).
931:
that lets authors that sign all their mail self-identify, but it was demoted to historic status in November 2013. Instead,
796:
before lookup. The data returned from the query of this record is also a list of tag-value pairs. It includes the domain's
428:, linked to a domain name, to each outgoing email message. The recipient system can verify this by looking up the sender's
3037:
489:
482:
236:
216:
166:
1035:
and message recipients. Since DKIM does not attempt to protect against mis-addressing, this does not affect its utility.
814:
can also be used to point at a different TXT record, for example when one organization sends email on behalf of another.
3062:
2091:
1382:
1157:
156:
151:
146:
1012:, which has been able to leverage DKIM body signatures to prove that leaked emails were genuine and not tampered with.
3057:
1692:
The From header field MUST be signed (that is, included in the "h=" tag of the resulting DKIM-Signature header field).
1098:
header fields. In addition, servers in certain circumstances have to rewrite the MIME structure, thereby altering the
333:
293:
161:
2876:
2701:
987:
DKIM requires cryptographic checksums to be generated for each message sent through a mail server, which results in
2534:
2894:
732:, a list of header fields (including both field name and value) present at the time of signing may be provided in
947:
both publish policies that all of their mail is authenticated, and requesting that any receiving system, such as
2726:
186:
126:
477:
DKIM also provides a process for verifying a signed message. Verifying modules typically act on behalf of the
2381:
1888:
2585:
1429:
1267:
1166:
1142:
1123:
1110:, provided that MIME header fields are not signed, enjoy the robustness that end-to-end integrity requires.
976:
936:
865:
718:
429:
353:
343:
136:
51:
35:
2556:
2479:
1903:
1094:-aware. Mail servers can legitimately convert to a different character set, and often document this with
493:
221:
71:
2612:
1928:
1713:
1050:
827:
510:
348:
121:
1277:
and updates key sizes (from 512-2048 to 1024-4096). RFC 8463 was issued in September 2018. It adds an
709:
equal to the empty string, is implicitly added to the second hash, albeit its name must not appear in
2845:
2807:
2462:
2356:
2232:
2164:
1998:
1752:
1677:
1540:
1480:
1456:
1414:
988:
693:. Repeated field names are matched from the bottom of the header upward, which is the order in which
402:
131:
2181:
1270:
use. However, none of the proposed DKIM changes passed. Instead, mailing list software was changed.
524:
organization or the originating service provider. The specification allows signers to choose which
1769:
1106:, and entity boundaries, any of which breaks DKIM signatures. Only plain text messages written in
3047:
2385:
2264:
1435:
1282:
1127:
909:
filtering techniques can work more effectively. In particular, the source domain can feed into a
433:
338:
66:
935:
can be used for the same purpose and allows domains to self-publish which techniques (including
2413:
2208:
1576:
1398:
1241:
1218:
910:
444:
425:
266:
42:
2310:
1810:
463:
and other email-based fraud. For example, a fraudster may send a message claiming to be from
2835:
2797:
2452:
2438:
2346:
2222:
2154:
2136:
2068:
1988:
1742:
1667:
1653:
1530:
1516:
1512:
1470:
1079:
596:
437:
2691:
RFC 6376 ("DomainKeys Identified Mail (DKIM) Signatures"; obsoletes RFC 4871 and RFC 5672).
2733:
2652:
2586:"Identified Internet Mail: A network based message signing approach to combat email fraud"
2140:
2029:
1728:
1333:
1005:
447:. It is defined in RFC 6376, dated September 2011, with updates in RFC 8301 and RFC 8463.
420:
DKIM allows the receiver to check that an email that claimed to have come from a specific
207:
1038:
A number of concerns were raised and refuted in 2013 at the time of the standardization.
662:
for the actual digital signature of the contents (headers and body) of the mail message,
1292:
is adequately strong while featuring short public keys, more easily publishable in DNS.
2655:. Yahoo! corporate blog. Delany is credited as Chief Architect, inventor of DomainKeys.
1798:
1393:
1221:
406:
257:
689:(which may be zero). Second, selected header fields are hashed, in the order given by
3031:
1345:
1042:
525:
509:
The signing organization can be a direct handler of the message, such as the author,
436:. A valid signature also guarantees that some parts of the email (possibly including
1959:
1945:
1228:
as a signature-based mail authentication standard, while DomainKeys was designed by
551:; t=1117574938;x=1118006938;l=200; h=from:to:subject:date:keywords:keywords; z=From:
2295:
RFC 2045 allows a parameter value to be either a token or a quoted-string, e.g. in
2260:
2042:
1356:
1205:
DKIM resulted in 2004 from merging two similar efforts, "enhanced DomainKeys" from
848:, now expired. Yahoo! licensed its patent claims under a dual license scheme: the
811:
176:
1217:
standards-track specifications and support documents which eventually resulted in
963:
This design approach also is compatible with other, related services, such as the
424:
was indeed authorized by the owner of that domain. It achieves this by affixing a
3005:
Cryptographic Algorithm and Key Usage Update to DomainKeys Identified Mail (DKIM)
2789:
Cryptographic Algorithm and Key Usage Update to DomainKeys Identified Mail (DKIM)
2746:
2465:
2442:
3009:
3002:
2995:
2985:
2978:
2971:
2964:
2957:
2947:
2940:
2848:
2825:
2810:
2787:
2359:
2336:
2235:
2212:
2167:
2144:
2001:
1978:
1773:
1755:
1732:
1680:
1657:
1543:
1520:
1483:
1460:
1337:
1321:
1317:
1305:
1032:
927:
scrutiny remains an open question. DKIM used to have an optional feature called
421:
2912:
2766:
1149:
protocol. Thus, in practice, the receiving server still has to whitelist known
1409:
1329:
1288:
1233:
844:
797:
781:
532:
field must always be signed. The resulting header field consists of a list of
456:
414:
324:
1580:
914:
from those domains, and perhaps filter the remaining mail more aggressively.
2256:
1009:
3012:
A New Cryptographic Signature Method for DomainKeys Identified Mail (DKIM)
2827:
A New Cryptographic Signature Method for DomainKeys Identified Mail (DKIM)
1568:
17:
2496:
1837:
1631:
1325:
1260:
993:
923:
886:
800:, along with other key usage tokens and flags (e.g. from a command line:
460:
410:
2960:
DomainKeys Identified Mail (DKIM) Author Domain Signing Practices (ADSP)
2480:"How a Google Headhunter’s E-Mail Unraveled a Massive Net Security Hole"
2457:
1355:, following the most recent protocol additions, and licensing under the
1419:
1049:
For a comparison of different methods also addressing this problem see
1031:
DKIM signatures do not encompass the message envelope, which holds the
968:
1601:
2929:
Why do I need to set DKIM when my DMARC can pass basis the SPF alone?
2840:
2802:
2351:
2227:
2159:
1993:
1747:
1672:
1535:
1475:
1424:
1341:
1237:
1067:
972:
964:
944:
641:(optional), header fields - copy of selected header fields and values
287:
181:
80:
60:
892:
There are some incentives for mail senders to sign outgoing e-mail:
470:
DKIM provides the ability to sign a message, and allows the signer (
1866:
1263:. Any mail from these organizations should carry a DKIM signature.
2557:"STD 76, RFC 6376 on DomainKeys Identified Mail (DKIM) Signatures"
2530:
1652:
Dave Crocker; Tony Hansen; Murray S. Kucherawy, eds. (July 2009).
1403:
1274:
1252:
1248:
1229:
1225:
1210:
1206:
1161:
1107:
948:
932:
869:
308:
86:
2589:
2109:
1224:, currently RFC 6376. "Identified Internet Mail" was proposed by
2943:
Analysis of Threats Motivating DomainKeys Identified Mail (DKIM)
2771:
2751:
2560:
2448:
2299:
the quotes can be legally removed, which breaks DKIM signatures.
2272:
2214:
Analysis of Threats Motivating DomainKeys Identified Mail (DKIM)
2150:
1907:
1845:
1406:(Domain-based Message Authentication, Reporting and Conformance)
1214:
1213:. This merged specification has been the basis for a series of
1170:
1091:
1028:
The RFC itself identifies a number of potential attack vectors.
940:
793:
753:
276:
271:
241:
191:
111:
76:
2182:"IESG Report regarding "Appeal of decision to advance RFC6376""
635:(required), header fields - list of those that have been signed
2646:"One small step for email, one giant leap for Internet safety"
1256:
1141:
Another workaround is to whitelist known forwarders; e.g., by
96:
2895:"The New Requirements for Email Delivery at Gmail - Valimail"
1977:
Tony Hansen; Dave Crocker; Phillip Hallam-Baker (July 2009).
27:
Email authentication method designed to detect email spoofing
2974:
RFC 4871 DomainKeys Identified Mail (DKIM) Signatures—Update
405:
method designed to detect forged sender addresses in email (
2862:
717:
algorithms. The result, after encryption with the signer's
971:
content-protection standards. DKIM is compatible with the
2716:. Gmail Help entry, mentioning DKIM support when sending.
1803:"IPR disclosures, was Collecting re-chartering questions"
1628:"Email Spoofing: Explained (and How to Protect Yourself)"
1567:
Crocker, D.; Hansen, T.; Kucherawy, M. (September 2011).
1506:
1504:
1351:
Source code development of one common library is led by
2527:"DomainKeys Identified Mail (DKIM) Grows Significantly"
1838:"Yahoo! Inc.'s Statement about IPR related to RFC 6376"
1809:. Mutual Internet Practices Association. Archived from
2877:"New Gmail protections for a safer, less spammy inbox"
854:
GNU General Public License v2.0 (and no other version)
834:
header field to the message as described in RFC 7001.
1946:"Add a DMARC record - Google Apps Administrator Help"
780:
is a fixed part of the specification. This gives the
2380:
Eric Allman; Mark Delany; Jim Fenton (August 2006).
3022:
2998:
DomainKeys Identified Mail (DKIM) and Mailing Lists
2338:
DomainKeys Identified Mail (DKIM) and Mailing Lists
801:
728:In addition to the list of header fields listed in
666:for the body hash (optionally limited to the first
2967:DomainKeys Identified Mail (DKIM) Service Overview
1980:DomainKeys Identified Mail (DKIM) Service Overview
1904:"Change the status of ADSP (RFC 5617) to Historic"
1462:DomainKeys Identified Mail (DKIM) Service Overview
1041:A concern for any cryptographic solution would be
868:provide different measures of email authenticity.
817:The receiver can use the public key (value of the
736:. This list need not match the list of headers in
2073:"Ok Google: please publish your DKIM secret keys"
1770:"Yahoo! DomainKeys Patent License Agreement v1.1"
2573:RFC 6376 has been elevated to Internet Standard.
802:nslookup -q=TXT brisbane._domainkey.example.net
2444:The Authenticated Received Chain (ARC) Protocol
2265:"secdir review of draft-ietf-yam-rfc1652bis-03"
1786:Yahoo! DomainKeys Patent License Agreement v1.2
1734:Email Authentication for Internationalized Mail
2714:"I’m having trouble sending messages in Gmail"
1960:"About DMARC - Google Apps Administrator Help"
1882:
1880:
1569:"DomainKeys Identified Mail (DKIM) Signatures"
682:a more fine-grained sphere of responsibility.
2988:DomainKeys Identified Mail (DKIM) Signatures
2950:DomainKeys Identified Mail (DKIM) Signatures
2394:. sec. 5.1. I-D draft-allman-dkim-ssp-02
2023:"Postmarking: helping the fight against spam"
375:
8:
2981:DKIM Development, Deployment, and Operations
2146:DomainKeys Identified Mail (DKIM) Signatures
1659:DomainKeys Identified Mail (DKIM) Signatures
1522:DomainKeys Identified Mail (DKIM) Signatures
583:(required), Signing Domain Identifier (SDID)
1602:"DKIM: What is it and why is it important?"
701:field of the signature being created, with
611:(optional), Agent or User Identifier (AUID)
2727:"All outbound email now being DKIM signed"
2611:Jim Fenton; Michael Thomas (1 June 2004).
382:
368:
31:
2839:
2801:
2456:
2350:
2226:
2158:
1992:
1746:
1671:
1534:
1474:
653:(required), signature of headers and body
520:header fields, possibly on behalf of the
2702:"Fighting phishing with eBay and Paypal"
2640:
2638:
2636:
1626:Jason P. Stadtlander (16 January 2015).
850:DomainKeys Patent License Agreement v1.2
547:;s=brisbane; c=relaxed/simple;q=dns/txt;
2414:"Authenticated Received Chain Overview"
2092:"dkim-rotate - Principles of Operation"
1447:
1344:, and Jim Fenton and Michael Thomas of
323:
256:
206:
41:
34:
2335:Murray S. Kucherawy (September 2011).
2666:"Yahoo Releases Specs for DomainKeys"
2621:. I-D draft-fenton-identified-mail-00
1654:"Determine the Header Fields to Sign"
7:
1209:and "Identified Internet Mail" from
784:resource record to be looked up as:
705:equal to the computed body hash and
2309:Kucherawy, Murray (28 March 2011).
516:Signing modules insert one or more
617:(recommended), signature timestamp
25:
3023:DomainKeys Identified Mail (DKIM)
2497:"DKIM Frequently Asked Questions"
1729:"DKIM and Internationalized Mail"
951:, should reject any that is not.
2786:Scott Kitterman (January 2018).
2437:K. Andersen; B. Long; S. Blank;
2032:. Microsoft Office Outlook Blog.
1902:Barry Leiba (25 November 2013).
1836:Chen, Andy (26 September 2011).
605:(optional), default query method
599:algorithm(s) for header and body
2725:Mueller, Rob (13 August 2009).
2588:. 26 April 2006. Archived from
2478:Zetter, Kim (24 October 2012).
2311:"RFC4871 Implementation Report"
1389:Author Domain Signing Practices
1348:attributed as primary authors.
1316:DKIM Working Group, chaired by
788:brisbane._domainkey.example.net
764:domain to be verified against,
536:parts as in the example below:
481:organization, possibly at each
2824:John Levine (September 2018).
2382:"Mailing List Manager Actions"
922:DKIM can be useful as an anti-
721:and encoding using Base64, is
488:All of this is independent of
1:
2387:DKIM Sender Signing Practices
2207:Jim Fenton (September 2006).
2021:Roic, Alessio (5 July 2007).
1889:"Searching for Truth in DKIM"
860:Relationship to SPF and DMARC
577:(required), signing algorithm
490:Simple Mail Transfer Protocol
409:), a technique often used in
2767:"DKIM Crypto Update (dcrup)"
2700:Taylor, Brad (8 July 2008).
2644:Delany, Mark (22 May 2007).
1887:Falk, J.D. (17 March 2009).
1383:Authenticated Received Chain
1158:Authenticated Received Chain
1118:Annotations by mailing lists
1078:DKIM currently features two
674:for the signing domain, and
2525:Jim Fenton (15 June 2009).
2486:. Accessed 24 October 2012.
2077:cryptographyengineering.com
1511:Dave Crocker; Tony Hansen;
1455:Tony Hansen; Dave Crocker;
658:The most relevant ones are
3079:
1320:and Stephen Farrell, with
889:attacks easier to detect.
864:In essence, both DKIM and
842:DomainKeys was covered by
623:(recommended), expire time
395:DomainKeys Identified Mail
2141:"Security considerations"
1727:John Levine (June 2019).
1515:, eds. (September 2011).
563:where the tags used are:
2614:Identified Internet Mail
1279:elliptic curve algorithm
538:
3043:Cryptographic protocols
2913:"Sender Best Practices"
2209:"Chosen Message Replay"
2135:D. Crocker; T. Hansen;
1712:Note that there are no
1430:Sender Policy Framework
1177:Short key vulnerability
1046:queries by bad actors.
904:Use with spam filtering
832:Authentication-Results:
629:(optional), body length
494:message transfer agents
36:Internet protocol suite
2732:6 October 2011 at the
1807:ietf-dkim mailing list
1285:. The added key type,
1090:, neither of which is
989:computational overhead
804:) as in this example:
3053:Internet architecture
2747:"DMARC Group History"
2651:14 March 2013 at the
1096:X-MIME-Autoconverted:
1051:e-mail authentication
845:U.S. patent 6,986,049
670:octets of the body),
647:(required), body hash
549:i=foo@eng.example.net
511:mail submission agent
3038:Email authentication
2917:senders.yahooinc.com
2090:Ian Jackson (2022).
2071:(16 November 2020).
2028:17 July 2011 at the
1813:on 14 September 2016
1457:Phillip Hallam-Baker
1415:Email authentication
1353:The OpenDKIM Project
1340:and Miles Libbey of
1074:Content modification
1057:Arbitrary forwarding
983:Computation overhead
589:(required), selector
403:email authentication
3063:Internet governance
2537:on 24 December 2014
2259:(with agreement by
2221:. sec. 4.1.4.
2110:"DKIM Signing Keys"
2096:manpages.ubuntu.com
2043:"DKIM Verification"
1801:(25 January 2010).
1513:Murray S. Kucherawy
571:(required), version
553:foo@eng.example.net
543:v=1;a=rsa-sha256;d=
528:they sign, but the
3058:Network addressing
2263:) (5 March 2010).
1929:"FAQ - DMARC Wiki"
1436:Vouch by Reference
975:standard and with
772:tag the selector,
678:for the selector.
465:sender@example.com
2952:Proposed Standard
2901:. 3 October 2023.
2883:. 3 October 2023.
2503:. 16 October 2007
2458:10.17487/RFC8617/
2049:. 4 November 2016
2047:www.wikileaks.org
1666:. sec. 5.4.
1529:. sec. 1.5.
1399:Context filtering
1242:message integrity
1181:In October 2012,
1126:and many central
1000:Non-repudiability
911:reputation system
822:with in transit.
500:Technical details
445:Internet Standard
432:published in the
426:digital signature
392:
391:
43:Application layer
16:(Redirected from
3070:
2921:
2920:
2909:
2903:
2902:
2899:www.valimail.com
2891:
2885:
2884:
2873:
2867:
2866:
2859:
2853:
2852:
2843:
2841:10.17487/RFC8463
2821:
2815:
2814:
2805:
2803:10.17487/RFC8301
2783:
2777:
2776:
2763:
2757:
2756:
2743:
2737:
2736:. Fastmail blog.
2723:
2717:
2711:
2705:
2698:
2692:
2689:
2683:
2680:
2674:
2673:
2662:
2656:
2642:
2631:
2630:
2628:
2626:
2608:
2602:
2601:
2599:
2597:
2592:on 27 April 2006
2582:
2576:
2575:
2570:
2568:
2553:
2547:
2546:
2544:
2542:
2533:. Archived from
2522:
2516:
2515:
2510:
2508:
2493:
2487:
2476:
2470:
2469:
2460:
2434:
2428:
2427:
2425:
2423:
2418:
2410:
2404:
2403:
2401:
2399:
2377:
2371:
2370:
2368:
2366:
2354:
2352:10.17487/RFC6377
2332:
2326:
2325:
2323:
2321:
2306:
2300:
2298:
2293:
2287:
2286:
2281:
2279:
2269:YAM mailing list
2253:
2247:
2246:
2244:
2242:
2230:
2228:10.17487/RFC4686
2204:
2198:
2197:
2195:
2193:
2178:
2172:
2171:
2162:
2160:10.17487/RFC6376
2132:
2126:
2125:
2123:
2121:
2106:
2100:
2099:
2087:
2081:
2080:
2069:Matthew D. Green
2065:
2059:
2058:
2056:
2054:
2039:
2033:
2019:
2013:
2012:
2010:
2008:
1996:
1994:10.17487/RFC5585
1974:
1968:
1967:
1956:
1950:
1949:
1942:
1936:
1935:
1925:
1919:
1918:
1916:
1914:
1899:
1893:
1892:
1884:
1875:
1874:
1863:
1857:
1856:
1854:
1852:
1833:
1827:
1826:
1820:
1818:
1795:
1789:
1788:
1783:
1781:
1766:
1760:
1759:
1750:
1748:10.17487/RFC8616
1724:
1718:
1710:
1704:
1701:
1695:
1694:
1689:
1687:
1675:
1673:10.17487/RFC6376
1649:
1643:
1642:
1640:
1638:
1623:
1617:
1616:
1614:
1612:
1598:
1592:
1591:
1589:
1587:
1564:
1558:
1557:
1552:
1550:
1538:
1536:10.17487/RFC6376
1517:"Data Integrity"
1508:
1499:
1498:
1492:
1490:
1478:
1476:10.17487/RFC5585
1452:
1304:was designed by
1291:
1281:to the existing
1188:
1097:
1089:
1085:
1080:canonicalization
875:
847:
833:
803:
789:
700:
696:
597:canonicalization
558:
554:
550:
546:
542:
535:
531:
519:
384:
377:
370:
32:
21:
3078:
3077:
3073:
3072:
3071:
3069:
3068:
3067:
3028:
3027:
3019:
2936:
2934:Further reading
2925:
2924:
2911:
2910:
2906:
2893:
2892:
2888:
2875:
2874:
2870:
2861:
2860:
2856:
2823:
2822:
2818:
2785:
2784:
2780:
2765:
2764:
2760:
2745:
2744:
2740:
2734:Wayback Machine
2724:
2720:
2712:
2708:
2699:
2695:
2690:
2686:
2681:
2677:
2664:
2663:
2659:
2653:Wayback Machine
2643:
2634:
2624:
2622:
2610:
2609:
2605:
2595:
2593:
2584:
2583:
2579:
2566:
2564:
2555:
2554:
2550:
2540:
2538:
2524:
2523:
2519:
2506:
2504:
2495:
2494:
2490:
2477:
2473:
2436:
2435:
2431:
2421:
2419:
2416:
2412:
2411:
2407:
2397:
2395:
2379:
2378:
2374:
2364:
2362:
2334:
2333:
2329:
2319:
2317:
2308:
2307:
2303:
2296:
2294:
2290:
2277:
2275:
2255:
2254:
2250:
2240:
2238:
2206:
2205:
2201:
2191:
2189:
2180:
2179:
2175:
2153:. sec. 8.
2134:
2133:
2129:
2119:
2117:
2116:. 10 April 2023
2108:
2107:
2103:
2089:
2088:
2084:
2067:
2066:
2062:
2052:
2050:
2041:
2040:
2036:
2030:Wayback Machine
2020:
2016:
2006:
2004:
1976:
1975:
1971:
1958:
1957:
1953:
1944:
1943:
1939:
1927:
1926:
1922:
1912:
1910:
1901:
1900:
1896:
1886:
1885:
1878:
1865:
1864:
1860:
1850:
1848:
1835:
1834:
1830:
1816:
1814:
1799:Levine, John R.
1797:
1796:
1792:
1779:
1777:
1768:
1767:
1763:
1741:. sec. 5.
1726:
1725:
1721:
1711:
1707:
1702:
1698:
1685:
1683:
1651:
1650:
1646:
1636:
1634:
1625:
1624:
1620:
1610:
1608:
1606:postmarkapp.com
1600:
1599:
1595:
1585:
1583:
1566:
1565:
1561:
1548:
1546:
1510:
1509:
1502:
1488:
1486:
1454:
1453:
1449:
1444:
1379:
1365:
1357:New BSD License
1334:PGP Corporation
1298:
1286:
1240:sender and the
1203:
1186:
1179:
1151:message streams
1120:
1095:
1087:
1083:
1076:
1059:
1026:
1006:non-repudiation
1002:
985:
957:
920:
906:
882:
873:
862:
843:
840:
831:
830:, or adding an
808:
787:
750:
699:DKIM-Signature:
698:
694:
656:
561:
560:
557:joe@example.com
556:
552:
548:
544:
541:DKIM-Signature:
540:
533:
529:
518:DKIM-Signature:
517:
507:
502:
453:
388:
208:Transport layer
28:
23:
22:
15:
12:
11:
5:
3076:
3074:
3066:
3065:
3060:
3055:
3050:
3045:
3040:
3030:
3029:
3026:
3025:
3018:
3017:External links
3015:
3014:
3013:
3006:
2999:
2992:
2990:Draft Standard
2982:
2975:
2968:
2961:
2954:
2944:
2935:
2932:
2923:
2922:
2904:
2886:
2868:
2854:
2816:
2778:
2758:
2738:
2718:
2706:
2693:
2684:
2675:
2672:. 19 May 2004.
2657:
2632:
2603:
2577:
2563:. 11 July 2013
2548:
2517:
2488:
2471:
2429:
2405:
2372:
2327:
2301:
2288:
2248:
2199:
2173:
2127:
2101:
2082:
2060:
2034:
2014:
1969:
1965:authenticated.
1951:
1937:
1920:
1894:
1876:
1858:
1842:IPR disclosure
1828:
1790:
1761:
1719:
1705:
1696:
1644:
1618:
1593:
1559:
1500:
1446:
1445:
1443:
1440:
1439:
1438:
1433:
1427:
1422:
1417:
1412:
1407:
1401:
1396:
1394:Bounce message
1391:
1386:
1378:
1375:
1364:
1361:
1297:
1294:
1232:to verify the
1202:
1199:
1178:
1175:
1136:DKIM-Signature
1119:
1116:
1075:
1072:
1058:
1055:
1043:message replay
1025:
1022:
1001:
998:
984:
981:
956:
953:
919:
916:
905:
902:
901:
900:
897:
881:
878:
861:
858:
839:
836:
806:
760:tag gives the
749:
746:
655:
654:
648:
642:
636:
630:
624:
618:
612:
606:
600:
590:
584:
578:
572:
565:
539:
506:
503:
501:
498:
452:
449:
407:email spoofing
390:
389:
387:
386:
379:
372:
364:
361:
360:
359:
358:
351:
346:
341:
336:
328:
327:
321:
320:
319:
318:
311:
306:
301:
296:
291:
281:
280:
279:
274:
261:
260:
258:Internet layer
254:
253:
252:
251:
244:
239:
234:
229:
224:
219:
211:
210:
204:
203:
202:
201:
194:
189:
184:
179:
174:
169:
164:
159:
154:
149:
144:
139:
134:
129:
124:
119:
114:
109:
104:
99:
94:
89:
84:
74:
69:
64:
54:
46:
45:
39:
38:
26:
24:
14:
13:
10:
9:
6:
4:
3:
2:
3075:
3064:
3061:
3059:
3056:
3054:
3051:
3049:
3046:
3044:
3041:
3039:
3036:
3035:
3033:
3024:
3021:
3020:
3016:
3011:
3007:
3004:
3000:
2997:
2993:
2991:
2987:
2983:
2980:
2976:
2973:
2969:
2966:
2962:
2959:
2955:
2953:
2949:
2945:
2942:
2938:
2937:
2933:
2931:
2930:
2918:
2914:
2908:
2905:
2900:
2896:
2890:
2887:
2882:
2878:
2872:
2869:
2864:
2858:
2855:
2850:
2847:
2842:
2837:
2833:
2829:
2828:
2820:
2817:
2812:
2809:
2804:
2799:
2795:
2791:
2790:
2782:
2779:
2774:
2773:
2768:
2762:
2759:
2754:
2753:
2748:
2742:
2739:
2735:
2731:
2728:
2722:
2719:
2715:
2710:
2707:
2704:. Gmail Blog.
2703:
2697:
2694:
2688:
2685:
2679:
2676:
2671:
2667:
2661:
2658:
2654:
2650:
2647:
2641:
2639:
2637:
2633:
2620:
2616:
2615:
2607:
2604:
2591:
2587:
2581:
2578:
2574:
2562:
2558:
2552:
2549:
2536:
2532:
2528:
2521:
2518:
2514:
2502:
2498:
2492:
2489:
2485:
2481:
2475:
2472:
2467:
2464:
2459:
2454:
2450:
2446:
2445:
2440:
2433:
2430:
2415:
2409:
2406:
2393:
2389:
2388:
2383:
2376:
2373:
2361:
2358:
2353:
2348:
2344:
2340:
2339:
2331:
2328:
2316:
2312:
2305:
2302:
2292:
2289:
2285:
2274:
2270:
2266:
2262:
2258:
2252:
2249:
2237:
2234:
2229:
2224:
2220:
2216:
2215:
2210:
2203:
2200:
2187:
2183:
2177:
2174:
2169:
2166:
2161:
2156:
2152:
2148:
2147:
2142:
2138:
2131:
2128:
2115:
2111:
2105:
2102:
2097:
2093:
2086:
2083:
2078:
2074:
2070:
2064:
2061:
2048:
2044:
2038:
2035:
2031:
2027:
2024:
2018:
2015:
2003:
2000:
1995:
1990:
1986:
1982:
1981:
1973:
1970:
1966:
1961:
1955:
1952:
1947:
1941:
1938:
1934:
1930:
1924:
1921:
1909:
1905:
1898:
1895:
1890:
1883:
1881:
1877:
1872:
1868:
1862:
1859:
1847:
1843:
1839:
1832:
1829:
1825:
1812:
1808:
1804:
1800:
1794:
1791:
1787:
1775:
1771:
1765:
1762:
1757:
1754:
1749:
1744:
1740:
1736:
1735:
1730:
1723:
1720:
1715:
1709:
1706:
1700:
1697:
1693:
1682:
1679:
1674:
1669:
1665:
1661:
1660:
1655:
1648:
1645:
1633:
1629:
1622:
1619:
1607:
1603:
1597:
1594:
1582:
1578:
1574:
1570:
1563:
1560:
1556:
1545:
1542:
1537:
1532:
1528:
1524:
1523:
1518:
1514:
1507:
1505:
1501:
1497:
1485:
1482:
1477:
1472:
1468:
1464:
1463:
1459:(July 2009).
1458:
1451:
1448:
1441:
1437:
1434:
1431:
1428:
1426:
1423:
1421:
1418:
1416:
1413:
1411:
1408:
1405:
1402:
1400:
1397:
1395:
1392:
1390:
1387:
1384:
1381:
1380:
1376:
1374:
1371:
1368:
1362:
1360:
1358:
1354:
1349:
1347:
1346:Cisco Systems
1343:
1339:
1335:
1331:
1327:
1323:
1319:
1315:
1310:
1307:
1303:
1300:The original
1295:
1293:
1290:
1284:
1280:
1276:
1271:
1269:
1264:
1262:
1258:
1254:
1250:
1245:
1243:
1239:
1235:
1231:
1227:
1223:
1220:
1216:
1212:
1208:
1200:
1198:
1195:
1191:
1184:
1176:
1174:
1172:
1168:
1163:
1159:
1154:
1152:
1148:
1144:
1139:
1137:
1133:
1129:
1125:
1124:mailing lists
1117:
1115:
1111:
1109:
1105:
1101:
1093:
1081:
1073:
1071:
1069:
1065:
1056:
1054:
1052:
1047:
1044:
1039:
1036:
1034:
1029:
1023:
1021:
1018:
1013:
1011:
1007:
999:
997:
995:
990:
982:
980:
978:
974:
970:
966:
961:
955:Compatibility
954:
952:
950:
946:
942:
938:
934:
930:
925:
918:Anti-phishing
917:
915:
912:
903:
898:
895:
894:
893:
890:
888:
879:
877:
871:
867:
859:
857:
855:
851:
846:
837:
835:
829:
823:
820:
815:
813:
805:
799:
795:
790:
785:
783:
779:
776:. The string
775:
771:
768: ; the
767:
763:
759:
755:
747:
745:
741:
739:
735:
731:
726:
724:
720:
716:
712:
708:
704:
692:
688:
683:
679:
677:
673:
669:
665:
661:
652:
649:
646:
643:
640:
637:
634:
631:
628:
625:
622:
619:
616:
613:
610:
607:
604:
601:
598:
594:
591:
588:
585:
582:
579:
576:
573:
570:
567:
566:
564:
537:
527:
526:header fields
523:
514:
512:
504:
499:
497:
495:
491:
486:
484:
480:
475:
473:
468:
466:
462:
458:
450:
448:
446:
441:
439:
435:
431:
427:
423:
418:
416:
412:
408:
404:
400:
396:
385:
380:
378:
373:
371:
366:
365:
363:
362:
357:
356:
352:
350:
347:
345:
342:
340:
337:
335:
332:
331:
330:
329:
326:
322:
317:
316:
312:
310:
307:
305:
302:
300:
297:
295:
292:
289:
285:
282:
278:
275:
273:
270:
269:
268:
265:
264:
263:
262:
259:
255:
250:
249:
245:
243:
240:
238:
235:
233:
230:
228:
225:
223:
220:
218:
215:
214:
213:
212:
209:
205:
200:
199:
195:
193:
190:
188:
185:
183:
180:
178:
175:
173:
170:
168:
165:
163:
160:
158:
155:
153:
150:
148:
145:
143:
140:
138:
135:
133:
130:
128:
125:
123:
120:
118:
115:
113:
110:
108:
105:
103:
100:
98:
95:
93:
90:
88:
85:
82:
78:
75:
73:
70:
68:
65:
62:
58:
55:
53:
50:
49:
48:
47:
44:
40:
37:
33:
30:
19:
2989:
2951:
2926:
2916:
2907:
2898:
2889:
2880:
2871:
2857:
2826:
2819:
2788:
2781:
2770:
2761:
2750:
2741:
2721:
2709:
2696:
2687:
2678:
2669:
2660:
2623:. Retrieved
2613:
2606:
2594:. Retrieved
2590:the original
2580:
2572:
2565:. Retrieved
2551:
2539:. Retrieved
2535:the original
2520:
2512:
2505:. Retrieved
2500:
2491:
2483:
2474:
2443:
2439:M. Kucherawy
2432:
2420:. Retrieved
2408:
2396:. Retrieved
2386:
2375:
2363:. Retrieved
2337:
2330:
2318:. Retrieved
2304:
2291:
2283:
2276:. Retrieved
2268:
2261:John Klensin
2251:
2239:. Retrieved
2213:
2202:
2190:. Retrieved
2185:
2176:
2145:
2137:M. Kucherawy
2130:
2118:. Retrieved
2113:
2104:
2095:
2085:
2076:
2063:
2051:. Retrieved
2046:
2037:
2017:
2005:. Retrieved
1979:
1972:
1963:
1954:
1940:
1932:
1923:
1911:. Retrieved
1897:
1870:
1861:
1849:. Retrieved
1841:
1831:
1822:
1815:. Retrieved
1811:the original
1806:
1793:
1785:
1778:. Retrieved
1764:
1733:
1722:
1708:
1699:
1691:
1684:. Retrieved
1658:
1647:
1635:. Retrieved
1621:
1609:. Retrieved
1605:
1596:
1584:. Retrieved
1572:
1562:
1554:
1547:. Retrieved
1521:
1494:
1487:. Retrieved
1461:
1450:
1372:
1369:
1366:
1352:
1350:
1311:
1301:
1299:
1272:
1268:mailing list
1265:
1246:
1204:
1193:
1192:
1182:
1180:
1160:(ARC) is an
1155:
1150:
1140:
1135:
1131:
1121:
1112:
1103:
1099:
1082:algorithms,
1077:
1063:
1060:
1048:
1040:
1037:
1030:
1027:
1016:
1014:
1003:
986:
962:
958:
921:
907:
891:
883:
863:
853:
849:
841:
824:
818:
816:
812:CNAME record
809:
791:
786:
777:
773:
769:
765:
761:
757:
752:A receiving
751:
748:Verification
742:
737:
733:
729:
727:
722:
714:
710:
706:
702:
690:
686:
684:
680:
675:
671:
667:
663:
659:
657:
650:
644:
638:
632:
626:
620:
614:
608:
602:
595:(optional),
592:
586:
580:
574:
568:
562:
521:
515:
508:
487:
478:
476:
471:
469:
464:
454:
442:
419:
398:
394:
393:
354:
314:
247:
197:
29:
2320:18 February
2192:26 December
1891:. CircleID.
1774:SourceForge
1611:19 February
1363:Enforcement
1338:Mark Delany
1322:Eric Allman
1318:Barry Leiba
1306:Mark Delany
1296:Development
1033:return-path
828:FBL message
766:example.net
719:private key
545:example.net
443:DKIM is an
438:attachments
3032:Categories
2863:"OpenDKIM"
2670:DMNews.com
2541:28 October
2398:10 January
2365:10 January
2241:10 January
2053:7 November
1637:11 January
1573:RFC Editor
1442:References
1410:DomainKeys
1330:Jon Callas
1302:DomainKeys
1234:DNS domain
1187:google.com
1024:Weaknesses
880:Advantages
798:public key
778:_domainkey
430:public key
415:email spam
325:Link layer
18:Domainkeys
3048:Anti-spam
3008:RFC
3001:RFC
2994:RFC
2984:RFC
2977:RFC
2970:RFC
2963:RFC
2956:RFC
2946:RFC
2939:RFC
2625:6 January
2596:4 January
2507:4 January
2257:Ned Freed
2098:. Ubuntu.
2079:. Google.
1871:dmarc.org
1867:"History"
1851:3 October
1686:6 January
1581:2070-1721
1549:6 January
1489:6 January
1128:antivirus
1010:WikiLeaks
695:Received:
534:tag=value
2730:Archived
2649:Archived
2501:DKIM.org
2186:IETF.org
2120:27 April
2114:iecc.com
2026:Archived
1913:13 March
1632:HuffPost
1586:30 March
1377:See also
1326:sendmail
1261:FastMail
1108:us-ascii
1104:epilogue
1100:preamble
994:hashcash
924:phishing
887:phishing
774:brisbane
479:receiver
461:phishing
451:Overview
411:phishing
401:) is an
2567:12 July
2422:15 June
2297:{{{1}}}
1420:OpenPGP
1201:History
1134:tag in
1088:relaxed
1062:of the
1004:DKIM's
969:OpenPGP
505:Signing
355:more...
339:Tunnels
315:more...
248:more...
198:more...
187:TLS/SSL
142:ONC/RPC
79: (
2881:Google
2278:30 May
2188:. IETF
2007:1 July
1824:wrote.
1817:30 May
1780:30 May
1776:. 2006
1717:scope.
1579:
1425:S/MIME
1342:Yahoo!
1238:e-mail
1236:of an
1102:, the
1084:simple
1068:botnet
973:DNSSEC
965:S/MIME
945:PayPal
838:Patent
762:author
522:author
472:author
422:domain
182:Telnet
81:HTTP/3
2531:Cisco
2484:Wired
2466:8617/
2417:(PDF)
1432:(SPF)
1404:DMARC
1385:(ARC)
1289:25519
1275:SHA-1
1253:Gmail
1249:Yahoo
1230:Yahoo
1226:Cisco
1211:Cisco
1207:Yahoo
1194:Wired
1183:Wired
1162:email
949:Gmail
933:DMARC
874:From:
870:DMARC
852:, or
530:From:
309:IPsec
87:HTTPS
3010:8463
3003:8301
2996:6377
2986:6376
2979:5863
2972:5672
2965:5585
2958:5617
2948:4871
2941:4686
2927:50.
2849:8463
2832:IETF
2811:8301
2794:IETF
2772:IETF
2752:IETF
2627:2016
2619:IETF
2598:2016
2569:2013
2561:IETF
2543:2014
2509:2016
2449:IETF
2424:2017
2400:2016
2392:IETF
2367:2016
2360:6377
2343:IETF
2322:2012
2315:IETF
2280:2010
2273:IETF
2243:2016
2236:4686
2219:IETF
2194:2018
2168:6376
2151:IETF
2122:2023
2055:2016
2009:2013
2002:5585
1985:IETF
1915:2015
1908:IETF
1853:2011
1846:IETF
1819:2010
1782:2010
1756:8616
1739:IETF
1688:2016
1681:6376
1664:IETF
1639:2016
1613:2022
1588:2020
1577:ISSN
1551:2016
1544:6376
1527:IETF
1491:2016
1484:5585
1467:IETF
1314:IETF
1287:k=ed
1259:and
1215:IETF
1171:DKIM
1169:and
1156:The
1147:ADSP
1092:MIME
1086:and
967:and
943:and
941:eBay
929:ADSP
794:IDNA
754:SMTP
555:|To:
457:spam
413:and
399:DKIM
304:IGMP
284:ICMP
242:QUIC
237:RSVP
232:SCTP
227:DCCP
192:XMPP
172:SNMP
167:SMTP
152:RTSP
127:OSPF
117:NNTP
112:MQTT
107:MGCP
102:LDAP
92:IMAP
77:HTTP
57:DHCP
2846:RFC
2836:doi
2808:RFC
2798:doi
2463:RFC
2453:doi
2357:RFC
2347:doi
2233:RFC
2223:doi
2165:RFC
2155:doi
1999:RFC
1989:doi
1753:RFC
1743:doi
1714:CAs
1678:RFC
1668:doi
1541:RFC
1531:doi
1496:do.
1481:RFC
1471:doi
1332:of
1324:of
1283:RSA
1257:AOL
1219:STD
1167:SPF
1143:SPF
977:SPF
937:SPF
866:SPF
782:TXT
483:hop
434:DNS
349:MAC
344:PPP
334:ARP
299:ECN
294:NDP
222:UDP
217:TCP
177:SSH
162:SIP
157:RIP
147:RTP
137:PTP
132:POP
122:NTP
97:IRC
72:FTP
67:DNS
52:BGP
3034::
2915:.
2897:.
2879:.
2844:.
2834:.
2830:.
2806:.
2796:.
2792:.
2769:.
2749:.
2668:.
2635:^
2617:.
2571:.
2559:.
2529:.
2511:.
2499:.
2482:.
2461:.
2451:.
2447:.
2441:.
2390:.
2384:.
2355:.
2345:.
2341:.
2313:.
2282:.
2271:.
2267:.
2231:.
2217:.
2211:.
2184:.
2163:.
2149:.
2143:.
2139:.
2112:.
2094:.
2075:.
2045:.
1997:.
1987:.
1983:.
1962:.
1931:.
1906:.
1879:^
1869:.
1844:.
1840:.
1821:.
1805:.
1784:.
1772:.
1751:.
1737:.
1731:.
1690:.
1676:.
1662:.
1656:.
1630:.
1604:.
1575:.
1571:.
1553:.
1539:.
1525:.
1519:.
1503:^
1493:.
1479:.
1469:.
1465:.
1359:.
1336:,
1328:,
1255:,
1251:,
1244:.
1222:76
1153:.
1053:.
979:.
856:.
810:A
740:.
725:.
703:bh
664:bh
645:bh
496:.
485:.
459:,
417:.
288:v6
277:v6
272:v4
267:IP
61:v6
2919:.
2865:.
2851:.
2838::
2813:.
2800::
2775:.
2755:.
2629:.
2600:.
2545:.
2468:.
2455::
2426:.
2402:.
2369:.
2349::
2324:.
2245:.
2225::
2196:.
2170:.
2157::
2124:.
2057:.
2011:.
1991::
1948:.
1917:.
1873:.
1855:.
1758:.
1745::
1670::
1641:.
1615:.
1590:.
1533::
1473::
1132:l
1064:l
1017:x
819:p
770:s
758:d
738:h
734:z
730:h
723:b
715:c
711:h
707:b
691:h
687:l
676:s
672:d
668:l
660:b
651:b
639:z
633:h
627:l
621:x
615:t
609:i
603:q
593:c
587:s
581:d
575:a
569:v
397:(
383:e
376:t
369:v
290:)
286:(
83:)
63:)
59:(
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.