2015/02/10

DKIM crashed

My DKIM signature on outgoing emails has crashed over 3 months.  As a good security practice, I changed the key some time ago and uploaded the public key as a DNS text record.  In the course of checking the key before updating the DNS, a space character was inadvertently inserted which I still could not figure out how such thing could have happened.  By now the root cause is known and rectified, every outgoing has reinstated the DKIM signature for the receiving SMTP server to verify.   What a bad luck.   

Some years ago, I stumbled through an IT magazine saying that PGP, S/MIME and DKIM are the protocols for securing emails.  While they are use public key cryptographic approach, DKIM can not encrypt the email body.  It can only authenticate the sender.  The other obvious advantage is that it can help the sender to gain higher scores in the sender reputation and the likelihood of treating emails from the sender as spam or malicious emails is much reduced.   Last but not least, the DKIM verification can also ensure that message body is not tampered by man-in-the-middle attack in the course of delivery. 

No comments: