Let me give you an official explanation. Think of it as a two-point mix.
Yahoo! Yahoo Anti-Spam Resource Center
Homepage FAQ tool tips interesting facts spam and legal domain name key tips training facts and legal domain name key emails.
Domain key: provide and protect e-mail sender identification domain key: e-mail sender identification and protection
E-mail spoofing (forging the e-mail address of others or companies to gain users' trust and open emails) is one of the biggest challenges facing the Internet community and anti-spam technicians. E-mail fraud-forging the e-mail address of others or companies to gain users' trust and public information is one of the biggest challenges facing both parties. Online community anti-spam technicians. Without sender authentication, verification and traceability, e-mail providers will never be able to determine whether messages are legitimate or forged, so they will have to make informed guesses on behalf of their users to determine what to send, what to block and what to isolate, so as to pursue the best user experience. Without sender authentication, auditing, tracking and e-mail providers, if they can never know whether some messages are legitimate or forged, they must constantly guess what to provide to users on their behalf and what to isolate in order to pursue the best user experience.
DomainKeys is a technical proposal, which provides a mechanism for email providers to verify the integrity of each email sender's domain and the emails sent (that is, they have not been changed during transportation). Domain key is a technical scheme. This process of deciding black-and-white return gives a verification mechanism. E-mail providers belong to the information and integrity sent by each e-mail sender (acetic acid. They haven't changed the delivery date. In addition, once the domain is verified, it can be compared with the domain used by the sender in the from: field of the message to detect forgery. Once the domain can be verified, it is like using the sender of the domain: the news that six oil fields are found to be forged. If it is forged, it is spam or fraud, and it can be discarded without affecting users. If it is forged, it is mailing or fraud. But also can reduce the influence on users. If it is not forged, the domain is known, and a persistent reputation profile can be established for the sending domain, which can be bound to the anti-spam policy system, shared among service providers, and even made public to users. If it is not forged, given the domain, profile, reputation and persistence, a scheduling domain can be established to be bundled into an anti-spam policy system, which can be shared among service providers and even exposed to users.
For well-known companies that usually send transaction emails to consumers, such as banks, utilities and e-commerce services, the benefits of authentication are far-reaching, because it can help them protect users from "phishing attacks", that is, fraudulently obtaining account information, such as credit card numbers and passwords, by impersonating the domain and email content of companies that users trust to store data. For well-known companies * * * to send e-mail transactions to consumers, for example, banks, public utilities, business services and interest verification are more profound, because it can help them protect their users from fraudulent "phishing attacks" to convince account information, such as credit card numbers and passwords, to impersonate the contents of domains and e-mails, and users have entrusted these companies to store these materials. Protecting their users from fraudulent emails directly translates into user protection, user satisfaction, reducing customer service costs and brand protection. For these enterprises, the protection of their own users is directly transformed into the protection of fraudulent email users, which can not only satisfy users, but also reduce customer service costs and protect brands.
For consumers, such as Yahoo! For consumers, such as Yahoo mail users or grandparents who access e-mail through small ISP in the Midwest, the industry's support for sender authentication technology will mean that they can start to trust e-mail again, and it can restore its role as one of the most powerful communication tools of our time. The sender authentication technology that e-mail users get commercial and industrial support in the middle and western regions through e-mail or grandparents will mean that they can trust e-mail and start it again, which can restore its era as the most powerful communication tool in the world.
Standardization and licensing terms standardization and licensing conditions
DKIM is the result of many industry participants' efforts to develop open standard e-mail authentication specifications, and industry collaboration has played a key role in this process. DKIM is because many companies are undertaking to develop open standard e-mail authentication specifications, and industrial cooperation plays a key role. Industry leaders who have played an important role in promoting the development of DKIM specifications include Alt-N Technologies, AOL, Brandenburg Internet, Cisco, EarthLink, IBM, Microsoft, PGP Corporation, Sendmail, StrongMail Systems, Tumbleweed, VeriSign and Yahoo! The role of industry leaders has played a valuable role in the further development of dkim specification, including bidding nitrogen technology, AOL, Brandenburg Internet Cisco, earthlink, IBM, Microsoft, China Pgp company Sendmail, strongmail system tumbleweed, but Verisign and Yahoo. The participation of these companies helps to create this single signature-based email authentication proposal. Participating companies have proposed this single signature e-mail authentication scheme. The authorized company will continue to cooperate with these organizations and institutions. IETF standardizes the specification of Domain Name Key Identification Mail (DKIM) in order to reach an industry-wide consensus on the best method to verify the identity of e-mail senders. The company will continue to devote itself to creating works related to these groups. The standardization of IETF workspace determines the specification of mail (dkim), and the best way to reach the consensus of the whole industry is to verify the identity of the mail sender. The domain key identification email has passed the IETF Internet standard process and was finally approved as the a. N IETF Internet standard. DomainKeys confirmed that the email had already passed the Internet standard process and was finally approved to work as an international standard IETF.
For historical reference, Yahoo! Take history as a mirror, Yahoo! The domain name key framework has been submitted as "draft-Delany-domainkeys-base-03.txt" drafted by the Internet. The domain name key framework has been adopted as "Delany-domain keys base-03.txt.yahoo! The domain name key intellectual property rights of can be licensed according to the following terms: Yahoo's domain name key intellectual property card can be specified according to one of the following terms:
Yahoo! Yahoo Domain Name Key Patent License Agreement
GNU General Public License Version 2.0 (no other version). GNU General Public License Version 2.0 (no other version).
Yahoo! The intellectual property rights of Domainkeys include the following patents and patent applications. The intellectual property rights of Yahoo domain key include the following patent applications and.
U.S. Pat. No.6,986,049, published on 1 month 10 in 2006.
U.S. patent application serial numbers 10/805, 18 1, filed in March 2004.
Pct application pct/us2004/007883 was submitted on March 5, 2004, and PCT/us2004/007883 was submitted on March 5, 2004.
Pct application pct/us2005/008656 was submitted on March 5, 2005/kloc-0, and PCT/us2005/008656 was submitted on March 5, 2005/kloc-0.
According to RFC2026, Yahoo! According to rfc2026 Yahoo! I also submitted the above permission statement to IETF as an intellectual property disclosure. The above license has also been disclosed to IETF as an intellectual property statement. Is there any license feedback? Permission feedback
Scope of reference implementation
In addition to the Internet draft, Yahoo! In addition to the Internet draft, Yahoo! A reference implementation of domain key is developed, which can be inserted into message transfer agent (MTA), such as qmail. The scope of implementation has been worked out. Mail delivery agents can be lured to domainkeys (multilateral), for example, the implementation of qmail mail. A version of this software has been released, including Mercial and Freeware versions, and sendmail. They have formulated the popular methyl sulfide of domain keys (including commercial and free versions). . In fact, Sendmail has released Yahoo! In fact, Sendmail's ASUS has publicly released the news.
The working principle of domain name key
How does it work?-Sending server How does it send the server?
There are two steps to signing an email with a domain key: There are two steps to signing an email with a domain key:
Settings: The domain owner (usually a team running an email system within a company or service provider) generates a public/private key pair to sign all outgoing messages (multiple key pairs are allowed). Established: The domain owner (usually establishing the company's email system or service provider) generates the public key * * */the private key uses all signed resignation messages (multiple keys are allowed). The public key is published in DNS, and the private key is available to outbound e-mail servers with domain keys enabled. The key of public key publishing DNS is to provide a private domain key-driven travel mail server. This is step "a" in the chart on the right. The right side of "A" in this step is correct.
Signature: When an authorized end user in the domain sends each email, the domain key-enabled email system automatically uses the stored private key to generate a digital signature of the email. Signature: The end user's domain is authorized to send every email.
How does it work?-Receiving server. How does it receive the server?
There are three steps to verify a signed email: There are three steps to verify a signed email:
Preparation: The receiving e-mail system supporting domain key extracts the sender: domain of the signature and declaration from the e-mail header, and obtains the public key of the sender: domain of the declaration from DNS. Preparation: domain keys-receiving mail system, so that you can extract the signature and claim from: e-mail, and the green header domain public key comes from the icon right to claim from domain name: domain. This is step "c" in the chart on the right.
Verification: The public key from DNS is then used by the receiving mail system to verify that the signature is generated by the matching private key. Verification: The public key is used to verify the signature private key of the e-mail received from the domain name system to generate a pair. This proves that the email was indeed sent by the claimed sender: domain with its permission, and its title and content were not changed during transmission. This proves that the real e-mail sending and permission is called domain by the sender, and its header and content have not changed, but are just shifting.
Send: The receiving e-mail system applies local policies according to the results of the signature test. Delivery: Apply local policies to receive e-mail systems based on signature test results. If the domain is version. Ified and other anti-spam tests do not capture it, and emails can be sent to users' inboxes. If domain verification and other anti-spam tests do not find any problems, e-mail can be sent to the user's inbox. If the signature fails to verify, or is not verified, you can discard, mark, or quarantine the email. If the signature cannot be verified, or are there any emails, tags or seizures that can be revoked? This is step "d" in the picture on the right. The "D" of this step is in the correct diagram.
In general, Yahoo! Generally speaking, Yahoo! The server that wants to receive mail verifies the domain name key. It is expected that it will receive e-mail servers through domain keys. In any case, the end-user mail client can also be modified to verify the signature and take action on the results. However, the mail client of the end user can also modify the verification signature and the result of taking action.
Frequently asked questions frequently asked questions
How will this help stop spam? How to help stop spam?
How will this help stop fraud/phishing attacks? How can I help stop fraud/phishing attacks?
Won't spammers sign with domain key? The message you just signed won't use domainkeys spam?
What does the domain name key verify? What domain name verification?
Why did you sign the whole message? So the whole logo information?
Does DomainKeys encrypt every email? Does every domain key encrypt information?
What public/private key technology is used for DomainKeys? What public/private key is used for the technology domain key?
Who issues the public/private key pair required for the domain key? Whose problem is that both the public key and the private key need domainkeys?
Does the domain key require a certificate authority (CA) to sign the public key? Do domainkeys need to sign a public key certificate authorization (Saturday)?
How to revoke the domain name key? How to revoke domainkeys?
Why not just use S/MIME? Why can't we use close/silence?
How does DomainKeys handle mailing lists? How to establish domain name and mailing list?
Who implements DomainKeys? Implement domainkeys. who
Which mail transfer agents (MTAs) support domain name keys? Among them, the mail delivery agent (multilateral) supports domainkeys?
How to deploy DomainKeys? How to deploy domainkeys?
I don't use my domain's SMTP server to send emails. I don't use the SMTP service of my domain name to send emails. How do I use the domain key? How do I use the domain key?
How can I send you feedback? How can I send your feedback?
How will this help stop spam? How to help stop spam?
Seven ways. Several ways. First, it can allow receiving companies to discard or quarantine unsigned emails from domains that are known to always sign emails with domain names, thus combating spam and phishing attacks. First, it allows companies to receive e-mail signatures from known domains and always use domainkeys to sign e-mail, spam and phishing attacks, thus making an impact. Second, the ability to verify the sender's domain will allow e-mail service providers to start building a reputation database, which can be shared with the community and can also be applied to spam policies. 2. The ability to verify the e-mail sender's domain will enable service providers to start building a reputation database, which is a society that * * * can enjoy and also applies to the spam policy. For example, an ISP can share the "spam-to-legitimate email ratio" of their domain name in www.example.com with other ISPs who may not have established the credibility and "spam" information of emails from www.example.com. For example, an enterprise can share their "spam rate" with legitimate "www.example.com" domain names and reputation information and "spam" e-mail that other suppliers may not have established. E-mail from www.example.com. Finally, by eliminating the Forded From: address, we can bring the server-level traceability back to the e-mail (not the user level-we think this should be the provider's policy and the user's choice). Finally, we can eliminate forgery: we can trace the server-level traceability back to the e-mail (not the user level, we think this should be the policy provider's and the user's choice). Spammers don't want to be tracked, so they will be forced to send spam only to companies that don't use authentication solutions. If the spammer doesn't want to trace it, he will be forced to use the method that the mail company doesn't check.
Back to the question, back to the question.
How will this help stop fraud/phishing attacks? How can I help stop fraud/phishing attacks?
Companies vulnerable to phishing attacks can use DomainKeys to sign all outgoing emails and then publicize this policy to the world, so that em mail service providers can monitor and discard any emails claiming to come from their unsigned domains. Signs that a company is vulnerable to phishing attacks can be typed into its email and domain name, and then told to the world. Enable this policy to monitor e-mail service providers and any messages claiming to be signed from a domain. For example, if www.example.com Company signs all the e-mails sent by it with the domain key, then Yahoo, for example, if www.example.com Company signs up, all its e-mails are linked with the domain key Yahoo! You can add a filter to its SpamGuard system to discard any unsigned or incorrectly signed message claiming to come from www.example.com domain, thus protecting tens of millions of examples. Com customers or potential customers are protected from phishing attacks. It can add a filtering system. Spamguard discards the signature or places any email signature claiming to be from www.example.com to protect millions of customers or potential customers in example.com from these phishing attacks.
Back to the question, back to the question.
Won't spammers sign with domain key? The message you just signed won't use domainkeys spam?
I hope so! I hope! If they do, they will make the Internet community use the above "How will this help stop spam?" It becomes easier to isolate and discard/isolate their mail by the method described in. Otherwise, people are more likely to be isolated from the Internet society and use isolated information more easily. Eliminate "Is this email really from the domain name example.com?" The uncertainty will contribute to a whole set of anti-spam solutions. Eliminate uncertainty. "Is this really an email from a domain name in example.com?" Facilitate a series of anti-spam solutions.
Back to the question, back to the question.
What does the domain name key verify? What domain name verification?
The domain key checks the domain of the from: and sender: headers to protect users and provide the best user experience. Domain key audit: and delivery: the head domain maintains users and users. Provide the best experience. The desktop mail client is similar to Microsoft Outlook in that it displays the message header in the user interface. The Microsoft Outlook mail client desktop displays the user interface of these headers. If the user first establishes th. Eir trust is domain-based, so any system should be established to verify that trust is guaranteed. If users have established these domains on the basis of trust, they should be checked whether they are trustworthy after the system is completed.
Back to the question, back to the question.
Why did you sign the whole message? So the whole logo information?
DomainKeys signs the entire message, allowing the receiving server to verify that the message has not been tampered with or changed during transmission. Domainkeys signs the mail received by the whole server so that the mail is not verified, tampered with or changed. By signing the header and body of the email, the domain key makes it impossible to reuse some emails from trusted sources to deceive users into believing that the email comes from this source. Sign the box and the body key, it can no longer deceive users with some congratulatory messages and believe that the email comes from the source.
Back to the question, back to the question.
Does DomainKeys encrypt every email? Does every domain key encrypt information?
The domain key does not encrypt the actual message-it just adds a "digital signature" in front of the message header. The actual message that the domain key is not encrypted is only the pending "digital signature" as the title.
Back to the question, back to the question.
What public/private key technology is used for DomainKeys? What public/private key is used for the technology domain key?
Domain keys currently use RSA public/private key method. The key length is determined by the domain owner. The key is the owner of the length field.
Back to the question, back to the question.
Who issues the public/private key pair required for the domain key? Whose problem is that both the public key and the private key need domainkeys?
Domain owners or agents or service providers on their behalf should generate key pairs for their mail systems that have domain keys enabled. Keys generated by domain owners or agents or service providers on their behalf should be used for domain keys in order to enable mail systems for them.
Back to the question, back to the question.
Does the domain key require a certificate authority (CA) to sign the public key? Do domainkeys need to sign a public key certificate authorization (Saturday)?
The domain key does not require a ca. The domain key does not require a certificate. Much like a trusted notary, a certificate authority is used to sign or "endorse" public keys in a public/private key system, so that external users of public keys can know that the public keys they receive are indeed owned by the person who sent them. Just like trust notarization, the notarial certificate uses the department/private key signature system, or "approval", to let external users know whether they really have the public key * * * public key * * public key to send. Because the domain key uses DNS as the public key distribution system, and only the domain owner can publish to their DNS, the external users of the domain key know that the public key they obtained is indeed for the domain. Since only one domain can have its own DNS publication, the external user domainkeys knows that the public key is actually brought to the domain for them. A CA does not need to verify the owner of the public key-the existence in the DNS of the domain is verification. The certificate does not need to be verified. Key Owner-Verifies the domain name that resides in this domain. However, certification authorities may become an effective complement to the domainkeys solution to increase a higher level of security and trust. However, in addition to increasing security and trust to a greater extent, certification authorities can also become valuable domain keys.
Back to the question, back to the question.
How to revoke the domain name key? How to revoke domainkeys?
Domain keys allow multiple public keys to be published simultaneously in DNS. Domain keys allow multiple public keys. The DNS listed in the key are simultaneous. This allows companies to use different key pairs for the various mail servers they run, and can also easily revoke, replace or terminate the keys according to their own judgment. This enables companies to use different key points for each mail server, and it is easy to revoke convenient keys when they expire. Therefore, the domain owner can revoke a public key at any time and switch to signing with a new pair. Therefore, the owner can revoke the public key domain at any time and sign a new pair.
Back to the question, back to the question.
Why not just use S/MIME? Why can't we use close/silence?
S/mime is developed for users to sign and encrypt messages. According to the design, it should be independent of the sending and receiving servers. The design of closing/encrypting and signing user information should be independent of the sending and receiving servers. We believe that domain keys should be a natural server-to-server supplement to s/ MIME, not a substitute. We believe that it should be a natural domainkeys server to supplement the server. In addition, since s/mime is used by many security-conscious industries, we need to understand it.