DomainKeys Identified Mail

From ForensicsWiki
Revision as of 18:22, 29 April 2007 by Jessek (Talk | contribs) (Added reference)

Jump to: navigation, search

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

DomainKeys Identified Mail (DKIM) is a method for signing email messages to help eliminate spam.

The signature in each message should give the domain (d=) and selector (s=). The appropriate key can be retrived as a TXT DNS record from the host selector._domainkey.domain [1]. A sample message from Gmail had the following DKIM header:

DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed;; s=beta;

We can thus retrieve the Gmail key with:

$ host -t txt descriptive text "t=y\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC69TURXN3oNfz+G/m3g5rt4P6nsKmVgU1D6cw2X6BnxKJNlQKm10f8tMx6P6bN7juTR1BeD8ubaGqtzm2rWK4LiMJqhoQcwQziGbK1zp/MkdXZEWMCflLY6oUITrivK7JNOLXtZbdxJG2y/RAHGswKKyVhSP9niRsZF/IBr5p8uQIDAQAB"

External Links