Searching for Truth in DKIM: Part 3 of 5

Posted by J.D. Falk on

by J.D. Falk
Director of Product Strategy, Receiver Services

Last year, MAAWG published a white paper titled Trust in Email Begins with Authentication, which explains that authentication (DKIM) is “[a] safe means of identifying a participant-such as an author or an operator of an email service” while reputation is a “means of assessing their trustworthiness.”

Regular readers of this blog already know that reputation systems based on IP addresses, including our Sender Score, are used by many ISPs and anti-spam vendors to determine which mail to accept, which to reject, and which to subject to additional filtering before making a delivery decision. There, the identifier is the IP address.

The reason this sort of reputation works for delivery decisions is that it’s an attempt to measure whether the sender of a message can be trusted to send mail that the recipients want — or, more accurately, whether the IP address of a message can be trusted to send mail that the recipients won’t complain about. We also mix in the concept of safety, largely in the form of how likely it is that the IP address is sending phishing scams or similar bad stuff.

In part 1 of this series, we described how the DKIM “d=” identifier brings us closer to knowing who sent a message, because it can be tied to the company or person who registered that domain name.

Reputation or certification based on the DKIM d= identifier will have the same goal — and will be more effective, because it will be tied to the signing entity rather than a single IP address. When ADSP is applied, that signing entity could be the author domain (see part 2). If not, it’s still a useful method for determining whether to trust the message. Any d= domain who regularly signs trusted messages becomes trustworthy, and vice versa.

Plus, d= reputation is portable — the owner of the d= domain can use that same identifier on multiple IP addresses, even bringing it to a different ESP (as we described in part 2), without having to start over from scratch or to “warm up” IPs.

While not absolutely perfect, reputation and certification based on d= will be far more accurate, effective, and convenient than when it’s based solely on the IP address. But, does a trustworthy d= domain indicate a truthful message? Stay tuned for part 4.


Popular this Month

 3 Trends Impacting Email: Persistent Fraud, Part 2

3 Trends Impacting Email: Persistent Fraud, Part 2

In part one of this three-part series, I examined the evolving landscape of...

Read More

 The Top 16 Topics of 2016

The Top 16 Topics of 2016

2017 is finally here! But before we focus on the year ahead, we wanted to...

Read More

 Think Fighting Email Fraud is Someone Else’s Job? Here’s the Real Cost of Doing Nothing.

Think Fighting Email Fraud is Someone Else’s Job? Here’s the Real Cost of Doing Nothing.

Cyberattacks against your brand can be very damaging and costly to both your...

Read More

Author Image

About J.D. Falk

Author Archive

Stay up to date

Enter your name and email address below to subscribe to our mailing list.

Your browser is out of date.
For a better Return Path experience, click a link below to get the latest version.