
How DKIM is signed

Posted: Sat Feb 01, 2025 9:32 am
by subornaakter20
The electronic signature is created by the sender's mail delivery server or mail relay server using the sender's private key and information (hash value) based on the header and body of the mail. *(1) in the diagram

The email is then sent with this digital signature included in the header. *(2) in the diagram

The destination mail server (receiving server) obtains the public key that has been published in advance on the DNS server that manages the sender domain, and verifies the digital signature of the received email. *(3) and (4) in the diagram

If the verification is successful, you can be sure that the sender of the email is legitimate. *(5) in the diagram

This validation increases the trustworthiness of your email if the sending domain is confirmed to be legitimate, but if the sending domain is forged, the validation will fail and your email will be more likely to be treated as spam.

DKIM has two signing methods:



Third Party Signature



Third-party signature is a method in which a service provider other than the sender of the email applies an electronic signature to the email. If you are using an email delivery system, you will likely be using the third-party signature method. With third-party signature, the destination email server (receiving server) needs to verify the relationship between the From address and the signing domain.

Therefore, depending on the security policy of the destination mail server (e.g., carrier or provider), the authentication strength may be weak, which may reduce reliability, so care must be taken.



Author Signature



Author signature is a method of signing with the same domain as the sender domain. Since the sender of the email creates the electronic signature themselves, it is possible to send emails with a higher reliability than with a third-party signature.

However, when using creator signatures, it is important to manage the private key. If the private key is leaked, the signature may be forged, so be sure to manage the private key with care. Also, if the public key is not registered in DNS or is not properly managed, the signature cannot be verified, and emails may not be received.
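
An added example, not part of the original post: a Python sketch that reads each `DKIM-Signature` header of a message, reports whether its `d=` domain matches the From domain (author signature) or not (third-party signature), and recomputes the body hash to compare with `bh=`. It does not fetch the public key from DNS or verify the `b=` signature itself; the sample message, the selector `sel1` and the domains are constructed for illustration.

```python
import base64, hashlib, re
from email import message_from_string
from email.utils import parseaddr

def parse_tags(value):
    """Split a DKIM-Signature value into tag=value pairs, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def body_hash(body, canon="simple"):
    """Base64 SHA-256 of the body after 'simple' or 'relaxed' canonicalization (l= not handled)."""
    lines = body.replace("\r\n", "\n").split("\n")
    if canon == "relaxed":  # collapse runs of spaces/tabs, drop trailing whitespace
        lines = [re.sub(r"[ \t]+", " ", ln).rstrip(" ") for ln in lines]
    while lines and lines[-1] == "":  # ignore empty lines at the end of the body
        lines.pop()
    data = "".join(ln + "\r\n" for ln in lines)
    if canon == "simple" and not data:
        data = "\r\n"  # an empty body is hashed as a single CRLF under "simple"
    return base64.b64encode(hashlib.sha256(data.encode()).digest()).decode()

def check_signatures(raw):
    """For each DKIM-Signature: signing domain, author/third-party, and bh= match."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    results = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(value)
        canon = (tags.get("c", "simple") + "/simple").split("/")[1]
        d = tags.get("d", "").lower()
        results.append({"d": d,
                        "kind": "author" if d == from_domain else "third-party",
                        "body_hash_ok": tags.get("bh") == body_hash(msg.get_payload(), canon)})
    return results

def sample(body, d):
    """Constructed message: bh= is computed here, b= is a placeholder (no real signature)."""
    return (f"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d={d}; s=sel1;\r\n"
            f" h=from:subject; bh={body_hash(body, 'relaxed')};\r\n b=PLACEHOLDER\r\n"
            "From: Alice <alice@example.com>\r\nSubject: hi\r\n\r\n" + body)

if __name__ == "__main__":
    print(check_signatures(sample("Hello world\r\n", "example.com")))
    print(check_signatures(sample("Hello world\r\n", "esp.example.net").replace("Hello", "Hullo")))
```

A body changed after signing shows up as `body_hash_ok: False`, while whitespace-only changes survive under the `relaxed` body canonicalization.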