1074:, without control. The email provider who signed the message can block the offending user, but cannot stop the diffusion of already-signed messages. The validity of signatures in such messages can be limited by always including an expiration time tag in signatures, or by revoking a public key periodically or upon a notification of an incident. Effectiveness of the scenario can hardly be limited by filtering outgoing mail, as that implies the ability to detect if a message might potentially be useful to spammers.
1193:
corporate domain, as well as several other high-profile domains. He stated that authentication with 384-bit keys can be factored in as little as 24 hours "on my laptop," and 512-bit keys, in about 72 hours with cloud computing resources. Harris found that many organizations sign email with such short
685:
An Agent or User
Identifier (AUID) can optionally be included. The format is an email address with an optional local-part. The domain must be equal to, or a subdomain of, the signing domain. The semantics of the AUID are intentionally left undefined, and may be used by the signing domain to establish
1312:
of Yahoo! and enhanced through comments from many others since 2004. It is specified in
Historic RFC 4870, superseded by Standards Track RFC 4871, DomainKeys Identified Mail (DKIM) Signatures; both published in May 2007. A number of clarifications and conceptualizations were collected thereafter and
1065:
As mentioned above, authentication is not the same as abuse prevention. A malicious email user of a reputable domain can compose a bad message and have it DKIM-signed and sent from that domain to any mailbox from where they can retrieve it as a file, so as to obtain a signed copy of the message. Use
917:
to better identify spam. Conversely, DKIM can make it easier to identify mail that is known not to be spam and need not be filtered. If a receiving system has a whitelist of known good sending domains, either locally maintained or from third party certifiers, it can skip the filtering on signed mail
930:
technology. Mailers in heavily phished domains can sign their mail to show that it is genuine. Recipients can take the absence of a valid signature on mail from those domains to be an indication that the mail is probably forged. The best way to determine the set of domains that merit this degree of
825:
tag) to then validate the signature on the hash value in the header field, and check it against the hash value for the mail message (headers and body) that was received. If the two values match, this cryptographically proves that the mail was signed by the indicated domain and has not been tampered
1023:
tag on each signature, which establishes a formal expiration time; however, verifiers can ignore it. In addition, domain owners can revoke a public key by removing its cryptographic data from the record, thereby preventing signature verification unless someone saved the public key data beforehand.
1499:
Receivers who successfully verify a signature can use information about the signer as part of a program to limit spam, spoofing, phishing, or other undesirable behaviors. DKIM does not, itself, prescribe any specific actions by the recipient; rather, it is an enabling technology for services that
468:, with the goal of convincing the recipient to accept and to read the email—and it is difficult for recipients to establish whether to trust this message. System administrators also have to deal with complaints about malicious email that appears to have originated from their systems, but did not.
1049:
abuse, which bypasses techniques that currently limit the level of abuse from larger domains. Replay can be inferred by using per-message public keys, tracking the DNS queries for those keys and filtering out the high number of queries due to e-mail being sent to large mailing lists or malicious
912:
DKIM is a method of labeling a message, and it does not itself filter or identify spam. However, widespread use of DKIM can prevent spammers from forging the source address of their messages, a technique they commonly employ today. If spammers are forced to show a correct source domain, other
1313:
specified in RFC 5672, August 2009, in the form of corrections to the existing specification. In
September 2011, RFC 6376 merged and updated the latter two documents, while preserving the substance of the DKIM protocol. Public key compatibility with the earlier DomainKeys is also possible.
1200:
stated that Harris reported, and Google confirmed, that they began using new longer keys soon after his disclosure. According to RFC 6376 the receiving party must be able to validate signatures with keys ranging from 512 bits to 2048 bits, thus usage of keys shorter than 512 bits might be
1149:. For yet another workaround, it was proposed that forwarders verify the signature, modify the email, and then re-sign the message with a Sender: header. However, this solution has its risk with forwarded third party signed messages received at SMTP receivers supporting the RFC 5617
1024:
DKIM key rotation is often recommended just to minimize the impact of compromised keys. However, in order to definitely disable non-repudiation, expired secret keys can be published, thereby allowing everyone to produce fake signatures, thus voiding the significance of original ones.
829:
Signature verification failure does not force rejection of the message. Instead, the precise reasons why the authenticity of the message could not be proven should be made available to downstream and upstream processes. Methods for doing so may include sending back an
888:
The primary advantage of this system for e-mail recipients is in allowing the signing domain to reliably identify a stream of legitimate email, thereby allowing domain-based blacklists and whitelists to be more effective. This is also likely to make certain kinds of
1968:
Your policy can be strict or relaxed. For example, eBay and PayPal publish a policy requiring all of their mail to be authenticated in order to appear in someone's inbox. In accordance with their policy, Google rejects all messages from eBay or PayPal that aren't
1194:
keys; he factored them all and notified the organizations of the vulnerability. He states that 768-bit keys could be factored with access to very large amounts of computing power, so he suggests that DKIM signing should use key lengths greater than 1,024.
747:
Algorithms, fields, and body length are meant to be chosen so as to assure unambiguous message identification while still allowing signatures to survive the unavoidable changes which are going to occur in transit. No end-to-end data integrity is implied.
1117:
The OpenDKIM Project organized a data collection involving 21 mail servers and millions of messages. 92.3% of observed signatures were successfully verified, a success rate that drops slightly (90.5%) when only mailing list traffic is considered.
811:"k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDmzRmJRQxLEuyYiyMg4suA2Sy MwR5MGHpP9diNT1hRiwUd/mZp1ro7kIDTKS8ttkI6z6eTRW9e9dDOxzSxNuXmume60Cjbu08gOyhPG3 GfWdg7QkdN6kR4V75MFlw624VY35DaXBvnlTJTgRg/EW72O1DiYVThkyCgpSYS8nmEQIDAQAB"
1168:
authentication system designed to allow an intermediate mail server like a mailing list or forwarding service to sign an email's original authentication results. This allows a receiving service to validate an email when the email's
1720:
nor revocation lists involved in DKIM key management, and the selector is a straightforward method to allow signers to add and remove keys whenever they wish – long lasting signatures for archival purposes are outside DKIM's
963:
Because it is implemented using DNS records and an added RFC 5322 header field, DKIM is compatible with the existing e-mail infrastructure. In particular, it is transparent to existing e-mail systems that lack DKIM support.
995:
not otherwise required for e-mail delivery. This additional computational overhead is a hallmark of digital postmarks, making sending bulk spam more (computationally) expensive. This facet of DKIM may look similar to
1827:
The reference to the GPL looks to me like it only covers the old
Sourceforge DK library, which I don't think anyone uses any more. The patent, which is what's important, is covered by a separate license that Yahoo
493:(SMTP) routing aspects, in that it operates on the RFC 5322 message—the transported mail's header and body—not the SMTP "envelope" defined in RFC 5321. Hence, DKIM signatures survive basic relaying across multiple
440:) have not been modified since the signature was affixed. Usually, DKIM signatures are not visible to end-users, and are affixed or verified by the infrastructure rather than the message's authors and recipients.
1937:
The DMARC standard states in
Section 6.7, "Policy Enforcement Considerations," that if a DMARC policy is discovered the receiver must disregard policies advertised through other means such as SPF or ADSP.
1270:
Discussions about DKIM signatures passing through indirect mail flows, formally in the DMARC working group, took place right after the first adoptions of the new protocol wreaked havoc on regular
1126:
The problems might be exacerbated when filtering or relaying software makes changes to a message. Without specific precaution implemented by the sender, the footer addition operated by most
2029:
563:| Subject:demo=20run|Date:July=205,=202005=203:44:08=20PM=20-0700; bh=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=; b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav+yuU4zGeeruD00lszZ VoG4ZHRNiYzR
900:
It allows a great reduction in abuse desk work for DKIM-enabled domains if e-mail receivers use the DKIM system to identify forged e-mail messages claiming to be from that domain.
876:
provides the ability for an organisation to publish a policy that specifies which mechanism (DKIM, SPF, or both) is employed when sending email from that domain; how to check the
1277:
In 2017, another working group was launched, DKIM Crypto Update (dcrup), with the specific restriction to review signing techniques. RFC 8301 was issued in
January 2018. It bans
1019:
Many consider non-repudiation a non-wanted feature of DKIM, forced by behaviors such as those just described. Indeed, DKIM protocol provides for expiration. There is an optional
1251:
Aspects of DomainKeys, along with parts of
Identified Internet Mail, were combined to create DomainKeys Identified Mail (DKIM). Trendsetting providers implementing DKIM include
1559:
Verifying the signature asserts that the hashed content has not changed since it was signed and asserts nothing else about "protecting" the end-to-end integrity of the message.
1201:
incompatible and shall be avoided. RFC 6376 also states that signers must use keys of at least 1024 bits for long-lived keys, though long-livingness is not specified there.
2652:
2288:
DKIM WG opted for canonical form simplicity over a canonical form that's robust in the face of encoding changes. It was their engineering choice to make and they made it.
1142:
header. Anything added beyond the specified length of the message body is not taken into account while calculating DKIM signature. This won't work for MIME messages.
1707:
Signing modules use the private half of a key-pair to do the signing, and publish the public half in a DNS TXT record as outlined in the "Verification" section below.
514:, site, or further intermediary along the transit path, or an indirect handler such as an independent service that is providing assistance to a direct handler.
2530:
943:
and DKIM) they employ, which makes it easier for the receiver to make an informed decision whether a certain mail is spam or not. For example, using DMARC,
2733:
1374:
In
February 2024, Google started requiring bulk senders to authenticate their emails with DKIM to successfully deliver emails to Google-hosted mailboxes.
2717:
1371:
Email providers are increasingly requiring senders to implement email authentication in order to successfully deliver mail to their users' mailboxes.
701:
fields are inserted in the header. A non-existing field matches the empty string, so that adding a field with that name will break the signature. The
689:
Both header and body contribute to the signature. First, the message body is hashed, always from the beginning, possibly truncated to a given length
381:
1134:
solutions will break the DKIM signature. A possible mitigation is to sign only designated number of bytes of the message body. It is indicated by
1070:
tag in signatures makes doctoring such messages even easier. The signed copy can then be forwarded to a million recipients, for example through a
2026:
880:
field presented to end users; how the receiver should deal with failures—and a reporting mechanism for actions performed under those policies.
2517:
DKIM was produced by an industry consortium in 2004. It merged and enhanced DomainKeys, from Yahoo! and
Identified Internet Mail, from Cisco.
1000:, except that the receiver side verification is a negligible amount of work, while a typical hashcash algorithm would require far more work.
1177:
records are rendered invalid by an intermediate server's processing. ARC is defined in RFC 8617, published in July 2019, as "Experimental".
760:
server wanting to verify uses the domain name and the selector to perform a DNS lookup. For example, given the example signature above: the
1012:
feature prevents senders (such as spammers) from credibly denying having sent an email. It has proven useful to news media sources such as
141:
1377:
Similarly in
February 2024, Yahoo started requiring bulk senders to implement SPF and DKIM to successfully deliver emails to Yahoo users.
1806:
796:
Note that the selector and the domain name can be UTF-8 in internationalized email. In that case the label must be encoded according to
455:
The need for email validated identification arises because forged addresses and content are otherwise easily created—and widely used in
1282:
2076:
1189:
reported that mathematician Zach Harris detected and demonstrated an email source spoofing vulnerability with short DKIM keys for the
903:
The domain owner can then focus its abuse team energies on its own users who actually are making inappropriate use of that domain.
2932:
1316:
DKIM was initially produced by an informal industry consortium and was then submitted for enhancement and standardization by the
550:
2649:
1631:
2669:
475:
organization) to communicate which email it considers legitimate. It does not directly prevent or disclose abusive behavior.
374:
101:
717:— if it does, it refers to another, preexisting signature. For both hashes, text is canonicalized according to the relevant
555:
2686:
RFC 4870 ("Domain-Based Email Authentication Using Public Keys Advertised in the DNS (DomainKeys)"; obsoleted by RFC 4871).
935:
that lets authors that sign all their mail self-identify, but it was demoted to historic status in November 2013. Instead,
800:
before lookup. The data returned from the query of this record is also a list of tag-value pairs. It includes the domain's
428:, linked to a domain name, to each outgoing email message. The recipient system can verify this by looking up the sender's
231:
226:
196:
1360:
465:
1039:
and message recipients. Since DKIM does not attempt to protect against mis-addressing, this does not affect its utility.
818:
can also be used to point at a different TXT record, for example when one organization sends email on behalf of another.
56:
2095:
1016:, which has been able to leverage DKIM body signatures to prove that leaked emails were genuine and not tampered with.
303:
246:
171:
1696:
The From header field MUST be signed (that is, included in the "h=" tag of the resulting DKIM-Signature header field).
1102:
header fields. In addition, servers in certain circumstances have to rewrite the MIME structure, thereby altering the
2705:
313:
283:
2880:
991:
DKIM requires cryptographic checksums to be generated for each message sent through a mail server, which results in
560:
3046:
2538:
367:
298:
91:
2898:
736:, a list of header fields (including both field name and value) present at the time of signing may be provided in
2835:
2797:
2622:
2395:
2346:
2318:
2222:
1988:
1742:
1667:
1530:
1470:
1392:
1317:
1271:
1150:
951:
both publish policies that all of their mail is authenticated, and requesting that any receiving system, such as
932:
483:
3056:
2730:
116:
106:
478:
DKIM also provides a process for verifying a signed message. Verifying modules typically act on behalf of the
3041:
2385:
1892:
490:
236:
216:
166:
2589:
1114:, provided that MIME header fields are not signed, enjoy the robustness that end-to-end integrity requires.
3066:
2560:
1386:
1161:
156:
151:
146:
2483:
1907:
1098:-aware. Mail servers can legitimately convert to a different character set, and often document this with
3061:
333:
293:
161:
2616:
1932:
1281:
and updates key sizes (from 512-2048 to 1024-4096). RFC 8463 was issued in September 2018. It adds an
713:
equal to the empty string, is implicitly added to the second hash, albeit its name must not appear in
697:. Repeated field names are matched from the bottom of the header upward, which is the order in which
2185:
1274:
use. However, none of the proposed DKIM changes passed. Instead, mailing list software was changed.
525:
organization or the originating service provider. The specification allows signers to choose which
186:
126:
1773:
1110:, and entity boundaries, any of which breaks DKIM signatures. Only plain text messages written in
2389:
2268:
1433:
1170:
1146:
1127:
980:
940:
913:
filtering techniques can work more effectively. In particular, the source domain can feed into a
869:
722:
429:
353:
343:
136:
51:
35:
939:
can be used for the same purpose and allows domains to self-publish which techniques (including
494:
221:
71:
2417:
2212:
2314:
1814:
1717:
1054:
831:
511:
463:
and other email-based fraud. For example, a fraudster may send a message claiming to be from
348:
121:
1657:
1520:
2849:
2811:
2695:
RFC 6376 ("DomainKeys Identified Mail (DKIM) Signatures"; obsoletes RFC 4871 and RFC 5672).
2466:
2360:
2236:
2168:
2002:
1756:
1681:
1544:
1484:
1460:
1418:
992:
402:
131:
17:
2590:"Identified Internet Mail: A network based message signing approach to combat email fraud"
2144:
1732:
447:. It is defined in RFC 6376, dated September 2011, with updates in RFC 8301 and RFC 8463.
420:
DKIM allows the receiver to check that an email that claimed to have come from a specific
8:
1042:
A number of concerns were raised and refuted in 2013 at the time of the standardization.
666:
for the actual digital signature of the contents (headers and body) of the mail message,
1296:
is adequately strong while featuring short public keys, more easily publishable in DNS.
3051:
2659:. Yahoo! corporate blog. Delany is credited as Chief Architect, inventor of DomainKeys.
1439:
1286:
1225:
1131:
433:
338:
66:
693:(which may be zero). Second, selected header fields are hashed, in the order given by
1580:
1402:
1245:
1222:
914:
510:
The signing organization can be a direct handler of the message, such as the author,
444:
436:. A valid signature also guarantees that some parts of the email (possibly including
425:
266:
42:
1963:
1949:
1232:
as a signature-based mail authentication standard, while DomainKeys was designed by
553:; t=1117574938;x=1118006938;l=200; h=from:to:subject:date:keywords:keywords; z=From:
2839:
2801:
2456:
2442:
2350:
2299:
RFC 2045 allows a parameter value to be either a token or a quoted-string, e.g. in
2226:
2158:
2140:
2072:
2046:
1992:
1746:
1671:
1534:
1516:
1474:
1209:
DKIM resulted in 2004 from merging two similar efforts, "enhanced DomainKeys" from
1083:
852:, now expired. Yahoo! licensed its patent claims under a dual license scheme: the
600:
437:
1221:
standards-track specifications and support documents which eventually resulted in
967:
This design approach also is compatible with other, related services, such as the
424:
was indeed authorized by the owner of that domain. It achieves this by affixing a
3009:
Cryptographic Algorithm and Key Usage Update to DomainKeys Identified Mail (DKIM)
2793:
Cryptographic Algorithm and Key Usage Update to DomainKeys Identified Mail (DKIM)
2750:
2737:
2656:
2469:
2446:
2033:
1337:
1009:
207:
3013:
3006:
2999:
2989:
2982:
2975:
2968:
2961:
2951:
2944:
2852:
2829:
2814:
2791:
2363:
2340:
2239:
2216:
2171:
2148:
2005:
1982:
1759:
1736:
1684:
1661:
1547:
1524:
1487:
1464:
931:
scrutiny remains an open question. DKIM used to have an optional feature called
2916:
2770:
1802:
1397:
1153:
protocol. Thus, in practice, the receiving server still has to whitelist known
406:
257:
848:
533:
field must always be signed. The resulting header field consists of a list of
3035:
1584:
1349:
1046:
918:
from those domains, and perhaps filter the remaining mail more aggressively.
526:
2264:
1980:
1458:
815:
176:
3016:
A New Cryptographic Signature Method for DomainKeys Identified Mail (DKIM)
2831:
A New Cryptographic Signature Method for DomainKeys Identified Mail (DKIM)
2259:
1655:
1572:
1514:
2500:
1841:
1777:
1341:
1325:
1321:
1309:
1036:
804:, along with other key usage tokens and flags (e.g. from a command line:
421:
2964:
DomainKeys Identified Mail (DKIM) Author Domain Signing Practices (ADSP)
2484:"How a Google Headhunter’s E-Mail Unraveled a Massive Net Security Hole"
2461:
1359:, following the most recent protocol additions, and licensing under the
1413:
1333:
1292:
1237:
1053:
For a comparison of different methods also addressing this problem see
1035:
DKIM signatures do not encompass the message envelope, which holds the
801:
785:
456:
414:
324:
1605:
2933:
Why do I need to set DKIM when my DMARC can pass basis the SPF alone?
2844:
2806:
2355:
2260:
2231:
2163:
1997:
1751:
1676:
1539:
1479:
1013:
645:(optional), header fields - copy of selected header fields and values
896:
There are some incentives for mail senders to sign outgoing e-mail:
471:
DKIM provides the ability to sign a message, and allows the signer (
1870:
1635:
1329:
1267:. Any mail from these organizations should carry a DKIM signature.
1264:
997:
927:
890:
460:
410:
2561:"STD 76, RFC 6376 on DomainKeys Identified Mail (DKIM) Signatures"
2440:
1656:
Dave Crocker; Tony Hansen; Murray S. Kucherawy, eds. (July 2009).
2593:
2113:
1423:
1228:, currently RFC 6376. "Identified Internet Mail" was proposed by
972:
2947:
Analysis of Threats Motivating DomainKeys Identified Mail (DKIM)
2383:
2303:
the quotes can be legally removed, which breaks DKIM signatures.
2218:
Analysis of Threats Motivating DomainKeys Identified Mail (DKIM)
1410:(Domain-based Message Authentication, Reporting and Conformance)
1217:. This merged specification has been the basis for a series of
1032:
The RFC itself identifies a number of potential attack vectors.
2186:"IESG Report regarding "Appeal of decision to advance RFC6376""
1428:
1345:
1241:
1071:
976:
968:
948:
639:(required), header fields - list of those that have been signed
287:
181:
80:
60:
2650:"One small step for email, one giant leap for Internet safety"
1145:
Another workaround is to whitelist known forwarders; e.g., by
2899:"The New Requirements for Email Delivery at Gmail - Valimail"
2534:
1981:
Tony Hansen; Dave Crocker; Phillip Hallam-Baker (July 2009).
1407:
1278:
1256:
1252:
1233:
1229:
1214:
1210:
1165:
1111:
952:
936:
873:
308:
86:
27:
Email authentication method designed to detect email spoofing
2978:
RFC 4871 DomainKeys Identified Mail (DKIM) Signatures—Update
405:
method designed to detect forged sender addresses in email (
2866:
2775:
2755:
2564:
2452:
2410:
2276:
2154:
2138:
1911:
1849:
1218:
1174:
1095:
944:
797:
757:
721:
algorithms. The result, after encryption with the signer's
276:
271:
241:
191:
111:
76:
975:
content-protection standards. DKIM is compatible with the
2720:. Gmail Help entry, mentioning DKIM support when sending.
1807:"IPR disclosures, was Collecting re-chartering questions"
1632:"Email Spoofing: Explained (and How to Protect Yourself)"
1571:
Crocker, D.; Hansen, T.; Kucherawy, M. (September 2011).
1260:
96:
2614:
1510:
1508:
1355:
Source code development of one common library is led by
2531:"DomainKeys Identified Mail (DKIM) Grows Significantly"
1842:"Yahoo! Inc.'s Statement about IPR related to RFC 6376"
1813:. Mutual Internet Practices Association. Archived from
1564:
2881:"New Gmail protections for a safer, less spammy inbox"
1570:
858:
GNU General Public License v2.0 (and no other version)
838:
header field to the message as described in RFC 7001.
1950:"Add a DMARC record - Google Apps Administrator Help"
1505:
784:
is a fixed part of the specification. This gives the
2384:
Eric Allman; Mark Delany; Jim Fenton (August 2006).
1629:
3026:
3002:
DomainKeys Identified Mail (DKIM) and Mailing Lists
2342:
DomainKeys Identified Mail (DKIM) and Mailing Lists
2338:
732:In addition to the list of header fields listed in
670:for the body hash (optionally limited to the first
2971:DomainKeys Identified Mail (DKIM) Service Overview
1984:DomainKeys Identified Mail (DKIM) Service Overview
1908:"Change the status of ADSP (RFC 5617) to Historic"
1466:DomainKeys Identified Mail (DKIM) Service Overview
1045:A concern for any cryptographic solution would be
872:provide different measures of email authenticity.
821:The receiver can use the public key (value of the
740:. This list need not match the list of headers in
2312:
2077:"Ok Google: please publish your DKIM secret keys"
1774:"Yahoo! DomainKeys Patent License Agreement v1.1"
3033:
2577:RFC 6376 has been elevated to Internet Standard.
2071:
863:
806:nslookup -q=TXT brisbane._domainkey.example.net
2789:
2448:The Authenticated Received Chain (ARC) Protocol
2269:"secdir review of draft-ietf-yam-rfc1652bis-03"
1801:
1790:Yahoo! DomainKeys Patent License Agreement v1.2
1738:Email Authentication for Internationalized Mail
1121:
2718:"I’m having trouble sending messages in Gmail"
1964:"About DMARC - Google Apps Administrator Help"
1886:
1884:
1573:"DomainKeys Identified Mail (DKIM) Signatures"
686:a more fine-grained sphere of responsibility.
2992:DomainKeys Identified Mail (DKIM) Signatures
2954:DomainKeys Identified Mail (DKIM) Signatures
2398:. sec. 5.1. I-D draft-allman-dkim-ssp-02
2027:"Postmarking: helping the fight against spam"
375:
2985:DKIM Development, Deployment, and Operations
2150:DomainKeys Identified Mail (DKIM) Signatures
1663:DomainKeys Identified Mail (DKIM) Signatures
1526:DomainKeys Identified Mail (DKIM) Signatures
587:(required), Signing Domain Identifier (SDID)
2827:
2093:
1956:
1905:
1881:
1730:
1606:"DKIM: What is it and why is it important?"
705:field of the signature being created, with
615:(optional), Agent or User Identifier (AUID)
2731:"All outbound email now being DKIM signed"
2698:
2615:Jim Fenton; Michael Thomas (1 June 2004).
2528:
2522:
2210:
1925:
1839:
1180:
907:
382:
368:
2843:
2805:
2460:
2354:
2230:
2162:
2039:
1996:
1942:
1750:
1675:
1538:
1478:
657:(required), signature of headers and body
521:header fields, possibly on behalf of the
2706:"Fighting phishing with eBay and Paypal"
2644:
2642:
2640:
1899:
1630:Jason P. Stadtlander (16 January 2015).
854:DomainKeys Patent License Agreement v1.2
548:;s=brisbane; c=relaxed/simple;q=dns/txt;
2418:"Authenticated Received Chain Overview"
2096:"dkim-rotate - Principles of Operation"
1348:, and Jim Fenton and Michael Thomas of
1077:
1060:
986:
14:
3034:
2339:Murray S. Kucherawy (September 2011).
2670:"Yahoo Releases Specs for DomainKeys"
2637:
2625:. I-D draft-fenton-identified-mail-00
1658:"Determine the Header Fields to Sign"
1890:
1213:and "Identified Internet Mail" from
1003:
788:resource record to be looked up as:
709:equal to the computed body hash and
500:
2313:Kucherawy, Murray (28 March 2011).
517:Signing modules insert one or more
24:
2937:
621:(recommended), signature timestamp
25:
3078:
3027:DomainKeys Identified Mail (DKIM)
3020:
2501:"DKIM Frequently Asked Questions"
1733:"DKIM and Internationalized Mail"
1452:
955:, should reject any that is not.
2790:Scott Kitterman (January 2018).
2441:K. Andersen; B. Long; S. Blank;
2036:. Microsoft Office Outlook Blog.
1906:Barry Leiba (25 November 2013).
1840:Chen, Andy (26 September 2011).
958:
921:
609:(optional), default query method
603:algorithm(s) for header and body
2909:
2891:
2873:
2859:
2821:
2783:
2763:
2743:
2729:Mueller, Rob (13 August 2009).
2723:
2711:
2689:
2680:
2662:
2608:
2592:. 26 April 2006. Archived from
2582:
2553:
2493:
2482:Zetter, Kim (24 October 2012).
2476:
2434:
2377:
2332:
2315:"RFC4871 Implementation Report"
2306:
2293:
2253:
2204:
2178:
2132:
2106:
2087:
2065:
2019:
1974:
1863:
1833:
1795:
1766:
1393:Author Domain Signing Practices
1352:attributed as primary authors.
1320:DKIM Working Group, chaired by
805:
792:brisbane._domainkey.example.net
768:domain to be verified against,
751:
537:parts as in the example below:
482:organization, possibly at each
2828:John Levine (September 2018).
2386:"Mailing List Manager Actions"
1724:
1710:
1701:
1649:
1623:
1598:
1366:
1299:
926:DKIM can be useful as an anti-
725:and encoding using Base64, is
489:All of this is independent of
13:
1:
2391:DKIM Sender Signing Practices
2211:Jim Fenton (September 2006).
2025:Roic, Alessio (5 July 2007).
1893:"Searching for Truth in DKIM"
1445:
1027:
883:
864:Relationship to SPF and DMARC
581:(required), signing algorithm
491:Simple Mail Transfer Protocol
409:), a technique often used in
2771:"DKIM Crypto Update (dcrup)"
2704:Taylor, Brad (8 July 2008).
2648:Delany, Mark (22 May 2007).
1891:Falk, J.D. (17 March 2009).
1387:Authenticated Received Chain
1162:Authenticated Received Chain
1122:Annotations by mailing lists
1082:DKIM currently features two
678:for the signing domain, and
7:
2529:Jim Fenton (15 June 2009).
2490:. Accessed 24 October 2012.
2081:cryptographyengineering.com
1515:Dave Crocker; Tony Hansen;
1459:Tony Hansen; Dave Crocker;
1380:
662:The most relevant ones are
450:
10:
3083:
1324:and Stephen Farrell, with
1204:
893:attacks easier to detect.
868:In essence, both DKIM and
846:DomainKeys was covered by
627:(recommended), expire time
505:
395:DomainKeys Identified Mail
2145:"Security considerations"
1731:John Levine (June 2019).
1519:, eds. (September 2011).
841:
567:where the tags used are:
2618:Identified Internet Mail
1283:elliptic curve algorithm
539:
3047:Cryptographic protocols
2917:"Sender Best Practices"
2213:"Chosen Message Replay"
2139:D. Crocker; T. Hansen;
1716:Note that there are no
1434:Sender Policy Framework
1181:Short key vulnerability
1050:queries by bad actors.
908:Use with spam filtering
836:Authentication-Results:
633:(optional), body length
495:message transfer agents
36:Internet protocol suite
2736:6 October 2011 at the
1811:ietf-dkim mailing list
1289:. The added key type,
1094:, neither of which is
993:computational overhead
808:) as in this example:
3057:Internet architecture
2751:"DMARC Group History"
2655:14 March 2013 at the
1100:X-MIME-Autoconverted:
1055:e-mail authentication
849:U.S. patent 6,986,049
674:octets of the body),
651:(required), body hash
512:mail submission agent
3042:Email authentication
2921:senders.yahooinc.com
2094:Ian Jackson (2022).
2075:(16 November 2020).
2032:17 July 2011 at the
1817:on 14 September 2016
1461:Phillip Hallam-Baker
1419:Email authentication
1357:The OpenDKIM Project
1344:and Miles Libbey of
1078:Content modification
1061:Arbitrary forwarding
987:Computation overhead
593:(required), selector
403:email authentication
3067:Internet governance
2541:on 24 December 2014
2263:(with agreement by
2225:. sec. 4.1.4.
2114:"DKIM Signing Keys"
2100:manpages.ubuntu.com
2047:"DKIM Verification"
1805:(25 January 2010).
1517:Murray S. Kucherawy
575:(required), version
544:v=1;a=rsa-sha256;d=
529:they sign, but the
3062:Network addressing
2267:) (5 March 2010).
1933:"FAQ - DMARC Wiki"
1440:Vouch by Reference
979:standard and with
776:tag the selector,
682:for the selector.
2956:Proposed Standard
2905:. 3 October 2023.
2887:. 3 October 2023.
2507:. 16 October 2007
2462:10.17487/RFC8617/
2053:. 4 November 2016
2051:www.wikileaks.org
1670:. sec. 5.4.
1533:. sec. 1.5.
1403:Context filtering
1246:message integrity
1185:In October 2012,
1130:and many central
1004:Non-repudiability
915:reputation system
826:with in transit.
501:Technical details
445:Internet Standard
432:published in the
426:digital signature
392:
391:
43:Application layer
16:(Redirected from
3074:
2925:
2924:
2913:
2907:
2906:
2903:www.valimail.com
2895:
2889:
2888:
2877:
2871:
2870:
2863:
2857:
2856:
2847:
2845:10.17487/RFC8463
2825:
2819:
2818:
2809:
2807:10.17487/RFC8301
2787:
2781:
2780:
2767:
2761:
2760:
2747:
2741:
2740:. Fastmail blog.
2727:
2721:
2715:
2709:
2702:
2696:
2693:
2687:
2684:
2678:
2677:
2666:
2660:
2646:
2635:
2634:
2632:
2630:
2612:
2606:
2605:
2603:
2601:
2596:on 27 April 2006
2586:
2580:
2579:
2574:
2572:
2557:
2551:
2550:
2548:
2546:
2537:. Archived from
2526:
2520:
2519:
2514:
2512:
2497:
2491:
2480:
2474:
2473:
2464:
2438:
2432:
2431:
2429:
2427:
2422:
2414:
2408:
2407:
2405:
2403:
2381:
2375:
2374:
2372:
2370:
2358:
2356:10.17487/RFC6377
2336:
2330:
2329:
2327:
2325:
2310:
2304:
2302:
2297:
2291:
2290:
2285:
2283:
2273:YAM mailing list
2257:
2251:
2250:
2248:
2246:
2234:
2232:10.17487/RFC4686
2208:
2202:
2201:
2199:
2197:
2182:
2176:
2175:
2166:
2164:10.17487/RFC6376
2136:
2130:
2129:
2127:
2125:
2110:
2104:
2103:
2091:
2085:
2084:
2073:Matthew D. Green
2069:
2063:
2062:
2060:
2058:
2043:
2037:
2023:
2017:
2016:
2014:
2012:
2000:
1998:10.17487/RFC5585
1978:
1972:
1971:
1960:
1954:
1953:
1946:
1940:
1939:
1929:
1923:
1922:
1920:
1918:
1903:
1897:
1896:
1888:
1879:
1878:
1867:
1861:
1860:
1858:
1856:
1837:
1831:
1830:
1824:
1822:
1799:
1793:
1792:
1787:
1785:
1770:
1764:
1763:
1754:
1752:10.17487/RFC8616
1728:
1722:
1714:
1708:
1705:
1699:
1698:
1693:
1691:
1679:
1677:10.17487/RFC6376
1653:
1647:
1646:
1644:
1642:
1627:
1621:
1620:
1618:
1616:
1602:
1596:
1595:
1593:
1591:
1568:
1562:
1561:
1556:
1554:
1542:
1540:10.17487/RFC6376
1521:"Data Integrity"
1512:
1503:
1502:
1496:
1494:
1482:
1480:10.17487/RFC5585
1456:
1308:was designed by
1295:
1285:to the existing
1192:
1101:
1093:
1089:
1084:canonicalization
879:
851:
837:
807:
793:
704:
700:
601:canonicalization
562:
557:
552:
547:
543:
536:
532:
520:
384:
377:
370:
32:
31:
21:
3082:
3081:
3077:
3076:
3075:
3073:
3072:
3071:
3032:
3031:
3023:
2940:
2938:Further reading
2929:
2928:
2915:
2914:
2910:
2897:
2896:
2892:
2879:
2878:
2874:
2865:
2864:
2860:
2826:
2822:
2788:
2784:
2769:
2768:
2764:
2749:
2748:
2744:
2738:Wayback Machine
2728:
2724:
2716:
2712:
2703:
2699:
2694:
2690:
2685:
2681:
2668:
2667:
2663:
2657:Wayback Machine
2647:
2638:
2628:
2626:
2613:
2609:
2599:
2597:
2588:
2587:
2583:
2570:
2568:
2559:
2558:
2554:
2544:
2542:
2527:
2523:
2510:
2508:
2499:
2498:
2494:
2481:
2477:
2439:
2435:
2425:
2423:
2420:
2416:
2415:
2411:
2401:
2399:
2382:
2378:
2368:
2366:
2337:
2333:
2323:
2321:
2311:
2307:
2300:
2298:
2294:
2281:
2279:
2258:
2254:
2244:
2242:
2209:
2205:
2195:
2193:
2184:
2183:
2179:
2157:. sec. 8.
2137:
2133:
2123:
2121:
2120:. 10 April 2023
2112:
2111:
2107:
2092:
2088:
2070:
2066:
2056:
2054:
2045:
2044:
2040:
2034:Wayback Machine
2024:
2020:
2010:
2008:
1979:
1975:
1962:
1961:
1957:
1948:
1947:
1943:
1931:
1930:
1926:
1916:
1914:
1904:
1900:
1889:
1882:
1869:
1868:
1864:
1854:
1852:
1838:
1834:
1820:
1818:
1803:Levine, John R.
1800:
1796:
1783:
1781:
1772:
1771:
1767:
1745:. sec. 5.
1729:
1725:
1715:
1711:
1706:
1702:
1689:
1687:
1654:
1650:
1640:
1638:
1628:
1624:
1614:
1612:
1610:postmarkapp.com
1604:
1603:
1599:
1589:
1587:
1569:
1565:
1552:
1550:
1513:
1506:
1492:
1490:
1457:
1453:
1448:
1383:
1369:
1361:New BSD License
1338:PGP Corporation
1302:
1290:
1244:sender and the
1207:
1190:
1183:
1155:message streams
1124:
1099:
1091:
1087:
1080:
1063:
1030:
1010:non-repudiation
1006:
989:
961:
924:
910:
886:
877:
866:
847:
844:
835:
834:, or adding an
812:
791:
754:
703:DKIM-Signature:
702:
698:
660:
565:
564:
559:
554:
549:
545:
542:DKIM-Signature:
541:
534:
530:
519:DKIM-Signature:
518:
508:
503:
453:
388:
208:Transport layer
28:
23:
22:
15:
12:
11:
5:
3080:
3070:
3069:
3064:
3059:
3054:
3049:
3044:
3030:
3029:
3022:
3021:External links
3019:
3018:
3017:
3010:
3003:
2996:
2994:Draft Standard
2986:
2979:
2972:
2965:
2958:
2948:
2939:
2936:
2927:
2926:
2908:
2890:
2872:
2858:
2820:
2782:
2762:
2742:
2722:
2710:
2697:
2688:
2679:
2676:. 19 May 2004.
2661:
2636:
2607:
2581:
2567:. 11 July 2013
2552:
2521:
2492:
2475:
2433:
2409:
2376:
2331:
2305:
2292:
2252:
2203:
2177:
2131:
2105:
2086:
2064:
2038:
2018:
1973:
1969:authenticated.
1955:
1941:
1924:
1898:
1880:
1862:
1846:IPR disclosure
1832:
1794:
1765:
1723:
1709:
1700:
1648:
1622:
1597:
1563:
1504:
1450:
1449:
1447:
1444:
1443:
1442:
1437:
1431:
1426:
1421:
1416:
1411:
1405:
1400:
1398:Bounce message
1395:
1390:
1382:
1379:
1368:
1365:
1301:
1298:
1236:to verify the
1206:
1203:
1182:
1179:
1140:DKIM-Signature
1123:
1120:
1079:
1076:
1062:
1059:
1047:message replay
1029:
1026:
1005:
1002:
988:
985:
960:
957:
923:
920:
909:
906:
905:
904:
901:
885:
882:
865:
862:
843:
840:
810:
764:tag gives the
753:
750:
659:
658:
652:
646:
640:
634:
628:
622:
616:
610:
604:
594:
588:
582:
576:
569:
540:
507:
504:
502:
499:
452:
449:
407:email spoofing
390:
389:
387:
386:
379:
372:
364:
361:
360:
359:
358:
351:
346:
341:
336:
328:
327:
321:
320:
319:
318:
311:
306:
301:
296:
291:
281:
280:
279:
274:
261:
260:
258:Internet layer
254:
253:
252:
251:
244:
239:
234:
229:
224:
219:
211:
210:
204:
203:
202:
201:
194:
189:
184:
179:
174:
169:
164:
159:
154:
149:
144:
139:
134:
129:
124:
119:
114:
109:
104:
99:
94:
89:
84:
74:
69:
64:
54:
46:
45:
39:
38:
26:
9:
6:
4:
3:
2:
3079:
3068:
3065:
3063:
3060:
3058:
3055:
3053:
3050:
3048:
3045:
3043:
3040:
3039:
3037:
3028:
3025:
3024:
3015:
3011:
3008:
3004:
3001:
2997:
2995:
2991:
2987:
2984:
2980:
2977:
2973:
2970:
2966:
2963:
2959:
2957:
2953:
2949:
2946:
2942:
2941:
2935:
2934:
2922:
2918:
2912:
2904:
2900:
2894:
2886:
2882:
2876:
2868:
2862:
2854:
2851:
2846:
2841:
2837:
2833:
2832:
2824:
2816:
2813:
2808:
2803:
2799:
2795:
2794:
2786:
2778:
2777:
2772:
2766:
2758:
2757:
2752:
2746:
2739:
2735:
2732:
2726:
2719:
2714:
2708:. Gmail Blog.
2707:
2701:
2692:
2683:
2675:
2671:
2665:
2658:
2654:
2651:
2645:
2643:
2641:
2624:
2620:
2619:
2611:
2595:
2591:
2585:
2578:
2566:
2562:
2556:
2540:
2536:
2532:
2525:
2518:
2506:
2502:
2496:
2489:
2485:
2479:
2471:
2468:
2463:
2458:
2454:
2450:
2449:
2444:
2437:
2419:
2413:
2397:
2393:
2392:
2387:
2380:
2365:
2362:
2357:
2352:
2348:
2344:
2343:
2335:
2320:
2316:
2309:
2296:
2289:
2278:
2274:
2270:
2266:
2262:
2256:
2241:
2238:
2233:
2228:
2224:
2220:
2219:
2214:
2207:
2191:
2187:
2181:
2173:
2170:
2165:
2160:
2156:
2152:
2151:
2146:
2142:
2135:
2119:
2115:
2109:
2101:
2097:
2090:
2082:
2078:
2074:
2068:
2052:
2048:
2042:
2035:
2031:
2028:
2022:
2007:
2004:
1999:
1994:
1990:
1986:
1985:
1977:
1970:
1965:
1959:
1951:
1945:
1938:
1934:
1928:
1913:
1909:
1902:
1894:
1887:
1885:
1876:
1872:
1866:
1851:
1847:
1843:
1836:
1829:
1816:
1812:
1808:
1804:
1798:
1791:
1779:
1775:
1769:
1761:
1758:
1753:
1748:
1744:
1740:
1739:
1734:
1727:
1719:
1713:
1704:
1697:
1686:
1683:
1678:
1673:
1669:
1665:
1664:
1659:
1652:
1637:
1633:
1626:
1611:
1607:
1601:
1586:
1582:
1578:
1574:
1567:
1560:
1549:
1546:
1541:
1536:
1532:
1528:
1527:
1522:
1518:
1511:
1509:
1501:
1489:
1486:
1481:
1476:
1472:
1468:
1467:
1463:(July 2009).
1462:
1455:
1451:
1441:
1438:
1435:
1432:
1430:
1427:
1425:
1422:
1420:
1417:
1415:
1412:
1409:
1406:
1404:
1401:
1399:
1396:
1394:
1391:
1388:
1385:
1384:
1378:
1375:
1372:
1364:
1362:
1358:
1353:
1351:
1350:Cisco Systems
1347:
1343:
1339:
1335:
1331:
1327:
1323:
1319:
1314:
1311:
1307:
1304:The original
1297:
1294:
1288:
1284:
1280:
1275:
1273:
1268:
1266:
1262:
1258:
1254:
1249:
1247:
1243:
1239:
1235:
1231:
1227:
1224:
1220:
1216:
1212:
1202:
1199:
1195:
1188:
1178:
1176:
1172:
1167:
1163:
1158:
1156:
1152:
1148:
1143:
1141:
1137:
1133:
1129:
1128:mailing lists
1119:
1115:
1113:
1109:
1105:
1097:
1085:
1075:
1073:
1069:
1058:
1056:
1051:
1048:
1043:
1040:
1038:
1033:
1025:
1022:
1017:
1015:
1011:
1001:
999:
994:
984:
982:
978:
974:
970:
965:
959:Compatibility
956:
954:
950:
946:
942:
938:
934:
929:
922:Anti-phishing
919:
916:
902:
899:
898:
897:
894:
892:
881:
875:
871:
861:
859:
855:
850:
839:
833:
827:
824:
819:
817:
809:
803:
799:
794:
789:
787:
783:
780:. The string
779:
775:
772: ; the
771:
767:
763:
759:
749:
745:
743:
739:
735:
730:
728:
724:
720:
716:
712:
708:
696:
692:
687:
683:
681:
677:
673:
669:
665:
656:
653:
650:
647:
644:
641:
638:
635:
632:
629:
626:
623:
620:
617:
614:
611:
608:
605:
602:
598:
595:
592:
589:
586:
583:
580:
577:
574:
571:
570:
568:
561:
556:
551:
538:
528:
527:header fields
524:
515:
513:
498:
496:
492:
487:
485:
481:
476:
474:
469:
467:
466:
462:
458:
448:
446:
441:
439:
435:
431:
427:
423:
418:
416:
412:
408:
404:
400:
396:
385:
380:
378:
373:
371:
366:
365:
363:
362:
357:
356:
352:
350:
347:
345:
342:
340:
337:
335:
332:
331:
330:
329:
326:
323:
322:
317:
316:
312:
310:
307:
305:
302:
300:
297:
295:
292:
289:
285:
282:
278:
275:
273:
270:
269:
268:
265:
264:
263:
262:
259:
256:
255:
250:
249:
245:
243:
240:
238:
235:
233:
230:
228:
225:
223:
220:
218:
215:
214:
213:
212:
209:
206:
205:
200:
199:
195:
193:
190:
188:
185:
183:
180:
178:
175:
173:
170:
168:
165:
163:
160:
158:
155:
153:
150:
148:
145:
143:
140:
138:
135:
133:
130:
128:
125:
123:
120:
118:
115:
113:
110:
108:
105:
103:
100:
98:
95:
93:
90:
88:
85:
82:
78:
75:
73:
70:
68:
65:
62:
58:
55:
53:
50:
49:
48:
47:
44:
41:
40:
37:
34:
33:
30:
19:
2993:
2955:
2930:
2920:
2911:
2902:
2893:
2884:
2875:
2861:
2830:
2823:
2792:
2785:
2774:
2765:
2754:
2745:
2725:
2713:
2700:
2691:
2682:
2673:
2664:
2627:. Retrieved
2617:
2610:
2598:. Retrieved
2594:the original
2584:
2576:
2569:. Retrieved
2555:
2543:. Retrieved
2539:the original
2524:
2516:
2509:. Retrieved
2504:
2495:
2487:
2478:
2447:
2443:M. Kucherawy
2436:
2424:. Retrieved
2412:
2400:. Retrieved
2390:
2379:
2367:. Retrieved
2341:
2334:
2322:. Retrieved
2308:
2295:
2287:
2280:. Retrieved
2272:
2265:John Klensin
2255:
2243:. Retrieved
2217:
2206:
2194:. Retrieved
2189:
2180:
2149:
2141:M. Kucherawy
2134:
2122:. Retrieved
2117:
2108:
2099:
2089:
2080:
2067:
2055:. Retrieved
2050:
2041:
2021:
2009:. Retrieved
1983:
1976:
1967:
1958:
1944:
1936:
1927:
1915:. Retrieved
1901:
1874:
1865:
1853:. Retrieved
1845:
1835:
1826:
1819:. Retrieved
1815:the original
1810:
1797:
1789:
1782:. Retrieved
1768:
1737:
1726:
1712:
1703:
1695:
1688:. Retrieved
1662:
1651:
1639:. Retrieved
1625:
1613:. Retrieved
1609:
1600:
1588:. Retrieved
1576:
1566:
1558:
1551:. Retrieved
1525:
1498:
1491:. Retrieved
1465:
1454:
1376:
1373:
1370:
1356:
1354:
1315:
1305:
1303:
1276:
1272:mailing list
1269:
1250:
1208:
1197:
1196:
1186:
1184:
1164:(ARC) is an
1159:
1154:
1144:
1139:
1135:
1125:
1116:
1107:
1103:
1086:algorithms,
1081:
1067:
1064:
1052:
1044:
1041:
1034:
1031:
1020:
1018:
1007:
990:
966:
962:
925:
911:
895:
887:
867:
857:
853:
845:
828:
822:
820:
816:CNAME record
813:
795:
790:
781:
777:
773:
769:
765:
761:
756:A receiving
755:
752:Verification
746:
741:
737:
733:
731:
726:
718:
714:
710:
706:
694:
690:
688:
684:
679:
675:
671:
667:
663:
661:
654:
648:
642:
636:
630:
624:
618:
612:
606:
599:(optional),
596:
590:
584:
578:
572:
566:
522:
516:
509:
488:
479:
477:
472:
470:
464:
454:
442:
419:
398:
394:
393:
354:
314:
247:
197:
29:
2324:18 February
2196:26 December
1895:. CircleID.
1778:SourceForge
1615:19 February
1367:Enforcement
1342:Mark Delany
1326:Eric Allman
1322:Barry Leiba
1310:Mark Delany
1300:Development
1037:return-path
832:FBL message
770:example.net
723:private key
546:example.net
443:DKIM is an
438:attachments
3036:Categories
2867:"OpenDKIM"
2674:DMNews.com
2545:28 October
2402:10 January
2369:10 January
2245:10 January
2057:7 November
1641:11 January
1577:RFC Editor
1446:References
1414:DomainKeys
1334:Jon Callas
1306:DomainKeys
1238:DNS domain
1191:google.com
1028:Weaknesses
884:Advantages
802:public key
782:_domainkey
430:public key
415:email spam
325:Link layer
3052:Anti-spam
3012:RFC
3005:RFC
2998:RFC
2988:RFC
2981:RFC
2974:RFC
2967:RFC
2960:RFC
2950:RFC
2943:RFC
2629:6 January
2600:4 January
2511:4 January
2261:Ned Freed
2102:. Ubuntu.
2083:. Google.
1875:dmarc.org
1871:"History"
1855:3 October
1690:6 January
1585:2070-1721
1553:6 January
1493:6 January
1132:antivirus
1014:WikiLeaks
699:Received:
535:tag=value
2734:Archived
2653:Archived
2505:DKIM.org
2190:IETF.org
2124:27 April
2118:iecc.com
2030:Archived
1917:13 March
1636:HuffPost
1590:30 March
1381:See also
1330:sendmail
1265:FastMail
1112:us-ascii
1108:epilogue
1104:preamble
998:hashcash
928:phishing
891:phishing
778:brisbane
480:receiver
461:phishing
451:Overview
411:phishing
401:) is an
2571:12 July
2426:15 June
2301:{{{1}}}
1424:OpenPGP
1205:History
1138:tag in
1092:relaxed
1066:of the
1008:DKIM's
973:OpenPGP
506:Signing
355:more...
339:Tunnels
315:more...
248:more...
198:more...
187:TLS/SSL
142:ONC/RPC
79: (
2885:Google
2282:30 May
2192:. IETF
2011:1 July
1828:wrote.
1821:30 May
1784:30 May
1780:. 2006
1721:scope.
1583:
1429:S/MIME
1346:Yahoo!
1242:e-mail
1240:of an
1106:, the
1088:simple
1072:botnet
977:DNSSEC
969:S/MIME
949:PayPal
842:Patent
766:author
523:author
473:author
422:domain
182:Telnet
81:HTTP/3
2535:Cisco
2488:Wired
2470:8617/
2421:(PDF)
1436:(SPF)
1408:DMARC
1389:(ARC)
1293:25519
1279:SHA-1
1257:Gmail
1253:Yahoo
1234:Yahoo
1230:Cisco
1215:Cisco
1211:Yahoo
1198:Wired
1187:Wired
1166:email
953:Gmail
937:DMARC
878:From:
874:DMARC
856:, or
531:From:
309:IPsec
87:HTTPS
3014:8463
3007:8301
3000:6377
2990:6376
2983:5863
2976:5672
2969:5585
2962:5617
2952:4871
2945:4686
2931:50.
2853:8463
2836:IETF
2815:8301
2798:IETF
2776:IETF
2756:IETF
2631:2016
2623:IETF
2602:2016
2573:2013
2565:IETF
2547:2014
2513:2016
2453:IETF
2428:2017
2404:2016
2396:IETF
2371:2016
2364:6377
2347:IETF
2326:2012
2319:IETF
2284:2010
2277:IETF
2247:2016
2240:4686
2223:IETF
2198:2018
2172:6376
2155:IETF
2126:2023
2059:2016
2013:2013
2006:5585
1989:IETF
1919:2015
1912:IETF
1857:2011
1850:IETF
1823:2010
1786:2010
1760:8616
1743:IETF
1692:2016
1685:6376
1668:IETF
1643:2016
1617:2022
1592:2020
1581:ISSN
1555:2016
1548:6376
1531:IETF
1495:2016
1488:5585
1471:IETF
1318:IETF
1291:k=ed
1263:and
1219:IETF
1175:DKIM
1173:and
1160:The
1151:ADSP
1096:MIME
1090:and
971:and
947:and
945:eBay
933:ADSP
798:IDNA
758:SMTP
558:|To:
457:spam
413:and
399:DKIM
304:IGMP
284:ICMP
242:QUIC
237:RSVP
232:SCTP
227:DCCP
192:XMPP
172:SNMP
167:SMTP
152:RTSP
127:OSPF
117:NNTP
112:MQTT
107:MGCP
102:LDAP
92:IMAP
77:HTTP
57:DHCP
18:DKIM
2850:RFC
2840:doi
2812:RFC
2802:doi
2467:RFC
2457:doi
2361:RFC
2351:doi
2237:RFC
2227:doi
2169:RFC
2159:doi
2003:RFC
1993:doi
1757:RFC
1747:doi
1718:CAs
1682:RFC
1672:doi
1545:RFC
1535:doi
1500:do.
1485:RFC
1475:doi
1336:of
1328:of
1287:RSA
1261:AOL
1223:STD
1171:SPF
1147:SPF
981:SPF
941:SPF
870:SPF
786:TXT
484:hop
434:DNS
349:MAC
344:PPP
334:ARP
299:ECN
294:NDP
222:UDP
217:TCP
177:SSH
162:SIP
157:RIP
147:RTP
137:PTP
132:POP
122:NTP
97:IRC
72:FTP
67:DNS
52:BGP
3038::
2919:.
2901:.
2883:.
2848:.
2838:.
2834:.
2810:.
2800:.
2796:.
2773:.
2753:.
2672:.
2639:^
2621:.
2575:.
2563:.
2533:.
2515:.
2503:.
2486:.
2465:.
2455:.
2451:.
2445:.
2394:.
2388:.
2359:.
2349:.
2345:.
2317:.
2286:.
2275:.
2271:.
2235:.
2221:.
2215:.
2188:.
2167:.
2153:.
2147:.
2143:.
2116:.
2098:.
2079:.
2049:.
2001:.
1991:.
1987:.
1966:.
1935:.
1910:.
1883:^
1873:.
1848:.
1844:.
1825:.
1809:.
1788:.
1776:.
1755:.
1741:.
1735:.
1694:.
1680:.
1666:.
1660:.
1634:.
1608:.
1579:.
1575:.
1557:.
1543:.
1529:.
1523:.
1507:^
1497:.
1483:.
1473:.
1469:.
1363:.
1340:,
1332:,
1259:,
1255:,
1248:.
1226:76
1157:.
1057:.
983:.
860:.
814:A
744:.
729:.
707:bh
668:bh
649:bh
497:.
486:.
459:,
417:.
288:v6
277:v6
272:v4
267:IP
61:v6
2923:.
2869:.
2855:.
2842::
2817:.
2804::
2779:.
2759:.
2633:.
2604:.
2549:.
2472:.
2459::
2430:.
2406:.
2373:.
2353::
2328:.
2249:.
2229::
2200:.
2174:.
2161::
2128:.
2061:.
2015:.
1995::
1952:.
1921:.
1877:.
1859:.
1762:.
1749::
1674::
1645:.
1619:.
1594:.
1537::
1477::
1136:l
1068:l
1021:x
823:p
774:s
762:d
742:h
738:z
734:h
727:b
719:c
715:h
711:b
695:h
691:l
680:s
676:d
672:l
664:b
655:b
643:z
637:h
631:l
625:x
619:t
613:i
607:q
597:c
591:s
585:d
579:a
573:v
397:(
383:e
376:t
369:v
290:)
286:(
83:)
63:)
59:(
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.