Email Security [3/3]: Verifying with DKIM Crypto Keys

Understanding DKIM (RFC 6376)

When we send email, invisible security protocols protect the (sensitive) information we put in our messages. By protecting I mean preventing the bad things that can happen when an email's content is accessed by unintended recipients.[1]

Not everyone knows these mechanisms, because most people rely on their mail service or IT department to handle email authentication and security.

DKIM works by verifying an email's authenticity with cryptography. It allows an organisation to claim responsibility for transmitting a message in a way that the recipient can validate[5] using a cryptographic key.

This article is the third [3/3] and final part of a three-part series of blog posts. Part [1/3] explores the Sender Policy Framework (SPF↗︎) and part [2/3] delves into Domain-based Message Authentication, Reporting and Conformance (DMARC↗︎).

In part [3/3], this part, we look at what DomainKeys Identified Mail (DKIM) is and how it works to protect against spoofing [18] attacks, and we explore some best practices around implementation.[8]

DKIM Versus Spam

Why a blog post about an email protocol that is most probably already handled by my company or IT department? [10] Most people will never have to worry about DKIM, but if you do need to, for instance because you have your own domain, not properly configuring DKIM can have detrimental consequences.

DKIM plays an essential role in the email authentication triangle (DKIM, DMARC and SPF), yet it is remarkable to find that only 13% of all domains use DKIM (and only 3% use all three mechanisms, DKIM, DMARC and SPF, together). [11] Even within this 13%, many DKIM configurations still need to be done properly. [12]

This brings another issue: misconfigured DKIM keys not only expose you to spoofing and other cyber threats but also hurt email deliverability. When DKIM is misconfigured, receiving mail servers cannot authenticate your email. The purpose of this blog post is to guide, inform, and alleviate common issues around the DKIM protocol.

DKIM: A Standard Protocol

The Internet Engineering Task Force (IETF) [2] has developed standard protocols to protect email services from spoofing attacks. [3] DKIM is one of these widely adopted email authentication protocols, standardised by the IETF in Request for Comments documents (RFC 6376 [7], 8301 [8] and 8463 [9]) over a decade ago. [13] DKIM has several benefits:

The benefits of using DKIM
Benefit | Details
Email Recipients | Improves identification of legitimate emails by signing outgoing emails with a public-key cryptographic signature.[19] The recipient can use that signature to confirm the email's legitimacy, which also makes whitelisting more effective.
Spam Filtering | Enhances other filtering techniques by forcing spammers to show a correct source domain.
Anti-phishing | Authenticates emails from frequently phished domains, complemented by DMARC. [14]
Compatibility | Just as its relatives (DMARC and SPF) do, DKIM uses the DNS records of the sending domain to publish its keys. This means it demands little new infrastructure, making it work with current email systems as unobtrusively as possible.[15]
Computation Overhead | Makes sending bulk spam computationally expensive.
Non-repudiation | Prevents senders from denying sent emails; it is considered both an advantage and a concern.[16]

Necessity of DKIM

There are a few scenarios where DKIM is not automatically configured for you: for instance, when you own a custom domain and administer your own email system, or when you are an IT admin at a company managing the company domains (e.g. using Microsoft 365 or Google Workspace) for sending and receiving email.[17]

Configuring DKIM is unnecessary if you're using email clients like Gmail, Outlook, etc. You will not need to change or update your email client, because DKIM is a behind-the-scenes mechanism on these services' servers. In other words, the most popular email clients and services take care of email authentication anyway. However, less relevant does not mean less interesting, so a basic understanding of DKIM as an email security protocol benefits everyone.

DKIM Signatures Explained

DKIM relies on two cryptographic keys for authentication:

Private Key (private.pem)

The private key is used to sign outbound emails; the receiving side then checks the signature mathematically against the data in your email. This is an example of a private key:

-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZf
XJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/
3j+skZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQAB
AoGAFijko56+qGyN8M0RVyaRAXz++xTqHBLh3tx4VgMtrQ+WEgCjhoTwo23KMBAu
JGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2pIIVOFMDG+KESnAF
V7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55/mbSYxECQQDeAw6fiIQXGukB
I4eMZZt4nscy2o12KyYner3VpoeE+Np2q+Z3pvAMd/aNzQ/W9WaI+NRfcxUJrmfP
wIGm63ilAkEAxCL5HQb2bQr4ByorcMWm/hEP2MZzROV73yF41hPsRC9m66KrheO9
HPTJuo3/9s5p+sqGxOlFL0NDt4SkosjgGwJAFklyR1uZ/wPJjj611cdBcztlPdqo
xssQGnh85BzCj/u3WqBpE2vjvyyvyI5kX6zk7S0ljKtt2jny2+00VsBerQJBAJGC
1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2eplU9VQQSQzY1oZMVX8i1m5
WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ37sJ5QsW
+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ4p0=
-----END RSA PRIVATE KEY-----

Public Key

The public key is used by the email system of the person receiving your email (Outlook, Apple Mail, Proton Mail, etc.) to check whether the email received is genuine. The receiving mail server checks the signature that travels with the email against the key you publish in DNS (the public key). This is what a public key might look like:

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqGKukO1De7zhZj6+H0qtjTkVx
wTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFnc
CzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0T
p0GbMJDyR4e9T04ZZwIDAQAB
-----END PUBLIC KEY-----

The public key is published in a DNS TXT record whose name has the form selector._domainkey.domain. The _domainkey label is fixed, and the selector is a string chosen by the domain owner. DKIM signature headers and DKIM DNS records carry their information as multiple tag=value [23] pairs. Below is a table showing what each one means:

Table 1: DKIM Tag-Value Pairs and Descriptions
DKIM Tag | Description
v= | Indicates the version of DKIM.
a= | Indicates the algorithm used to generate the signature (e.g., "RSA-SHA1", "RSA-SHA256"). RFC 6376 recommends that signers sign using "RSA-SHA256".[24]
s= | Indicates the selector name needed to fetch the public key from DNS; this attribute in the DKIM signature permits multiple keys under the same domain.
d= | Indicates the signing domain.
h= | In the DKIM-Signature header, the colon-separated list of header fields (the "h-headers") that were fed to the signing algorithm. In the DNS key record, h= is optional and lists the acceptable hash algorithms; by default all are allowed (e.g., SHA-1 and SHA-256).
b= | The DKIM signature itself: the signed value computed over the body hash and the h-headers (the "data hash"). It is base64 encoded and added to the email.
bh= | The hash of the message body (the "body hash").

The most important values for verifying the digital signature of an email message are b, the actual digital signature over the message contents (headers and body); bh, the body hash (optionally limited to the first l octets of the body); d, the signing domain; and s, the selector. A hash serves as a fingerprint: a fixed-length string of characters generated from data of arbitrary size using a hash function.

Additionally, an Agent or User Identifier (AUID) can be included; it takes the form of an email address with an optional local part. The domain of the AUID must be equal to, or a subdomain of, the signing domain. The AUID is a single identifier that refers to the agent or user on behalf of whom the Signing Domain Identifier (SDID) has taken responsibility. The AUID comprises a domain name and an optional local part; the domain name is the same as that used for the SDID or is a subdomain of it (RFC 6376). The AUID's meaning is intentionally undefined, allowing the signing domain to establish a more specific scope of responsibility. Both the header and the body are used in the signature.

First, the message body is hashed, always from the beginning, possibly trimmed to a given length l (which may be zero).

To create the signature, specific header fields are chosen and hashed in the order given in h. If a header field appears multiple times, the last instance of the field is used first; hashing then proceeds upwards through earlier instances, in the same order in which Received fields are added to the header. A field that does not exist is treated as an empty string, so adding a field with that name later can invalidate the signature. The DKIM-Signature field itself, with the computed body hash (bh) filled in and an empty b value, is then added to the second hash. The DKIM-Signature field name should not appear in h, as it would refer to another, pre-existing signature.

Before both hashes are computed, the text is canonicalised using the algorithms named in the c tag. The data hash is then signed with the signer's private key and encoded using Base64, producing b. Along with the list of header fields named in h, a separate list of header fields (names and values) present at signing time can be provided in z; this list need not match the list in h. The chosen algorithms, fields and body length are meant to identify the message while letting the signature survive the changes a message may undergo in transit. Note, however, that this does not amount to complete end-to-end data integrity.
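The signing and verification procedure described above, worked through as an added Python example (mine, not code from the original post): relaxed canonicalisation of header fields and body, the body hash that becomes bh=, header selection from the bottom of the header block upwards with over-signing, and the data hash that b= is computed over. The RSA key generation and PKCS#1 v1.5 padding are a standard-library stand-in for what a real mailer gets from OpenSSL; the 1024-bit key size, the sample message, the example.com domain and the k1 selector are constructed for the demonstration, and the verifier receives the public key directly rather than fetching it from DNS.

```python
import base64, hashlib, re, secrets
# -- Relaxed canonicalisation (RFC 6376 section 3.4) for header fields and body --
def relaxed_header(name, value):
    # lower-case the name, unfold, collapse whitespace runs, trim both ends
    value = re.sub(r"[ \t]+", " ", re.sub(r"\r?\n", "", value)).strip()
    return f"{name.lower()}:{value}\r\n"

def relaxed_body(body):
    # collapse whitespace runs, strip line ends, drop trailing empty lines, end in one CRLF
    lines = [re.sub(r"[ \t]+", " ", ln).rstrip() for ln in body.split("\r\n")]
    text = "\r\n".join(lines).rstrip("\r\n")
    return (text + "\r\n").encode() if text else b""

def body_hash(body):
    # the bh= tag: base64(SHA-256(canonicalised body))
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def data_hash(headers, signed_fields, sig_value):
    # The hash b= signs: each name in h= takes the physically last unused instance (bottom first);
    # a name listed more often than it occurs adds nothing, which is how over-signing catches a
    # field added later. The DKIM-Signature field goes in last, with b= empty and no trailing CRLF.
    used, h = set(), hashlib.sha256()
    for name in signed_fields:
        for i in range(len(headers) - 1, -1, -1):
            if i not in used and headers[i][0].lower() == name.lower():
                used.add(i)
                h.update(relaxed_header(*headers[i]).encode())
                break
    h.update(relaxed_header("DKIM-Signature", sig_value).encode().rstrip(b"\r\n"))
    return h.digest()

# -- RSA with PKCS#1 v1.5 padding, standard library only (demo key material) --
def is_probable_prime(n, rounds=32):
    if n < 2 or any(n % p == 0 and n != p for p in (2, 3, 5, 7, 11, 13, 17, 19, 23)):
        return False
    d, r = n - 1, 0
    while d % 2 == 0: d, r = d // 2, r + 1
    for _ in range(rounds):  # Miller-Rabin with random bases
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1): continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1: break
        else: return False
    return True

def generate_rsa_key(bits=1024, e=65537):
    # returns (e, d, n); 1024 bits keeps the demo quick, RFC 8301 sets 1024 as the floor
    def prime(b):
        while True:
            c = secrets.randbits(b) | (1 << (b - 1)) | 1
            if is_probable_prime(c): return c
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and phi % e and n.bit_length() == bits:
            return e, pow(e, -1, phi), n

SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")
def pkcs1_encode(digest, k):
    t = SHA256_DIGESTINFO + digest
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
def rsa_sign(d, n, digest):
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(pkcs1_encode(digest, k), "big"), d, n).to_bytes(k, "big")
def rsa_verify(e, n, digest, sig):
    k = (n.bit_length() + 7) // 8
    return len(sig) == k and pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big") == pkcs1_encode(digest, k)

# -- DKIM-Signature creation and verification --
def dkim_sign(headers, body, domain, selector, signed_fields, d, n):
    sig_value = (f"v=1; a=rsa-sha256; c=relaxed/relaxed; d={domain}; s={selector}; "
                 f"h={':'.join(signed_fields)}; bh={body_hash(body)}; b=")
    sig = rsa_sign(d, n, data_hash(headers, signed_fields, sig_value))
    return ("DKIM-Signature", sig_value + base64.b64encode(sig).decode())

def parse_tags(value):
    return {k.strip(): re.sub(r"\s+", "", v)
            for k, v in (item.split("=", 1) for item in value.split(";") if "=" in item)}

def dkim_verify(headers, body, e, n):
    # a real verifier fetches (e, n) from s._domainkey.d in DNS; here the caller passes it in
    raw = next((v for k, v in headers if k.lower() == "dkim-signature"), "")
    t = parse_tags(raw)
    if t.get("v") != "1" or t.get("a") != "rsa-sha256" or t.get("bh") != body_hash(body):
        return False
    without_b = re.sub(r"(^|;)(\s*)b=[^;]*", r"\1\2b=", raw)  # the b= value is not hashed
    return rsa_verify(e, n, data_hash(headers, t["h"].split(":"), without_b), base64.b64decode(t["b"]))

def demo():
    e, d, n = generate_rsa_key()
    # constructed sample message; the irregular spacing is absorbed by relaxed canonicalisation
    headers = [("From", "Alice <alice@example.com>"), ("To", "bob@example.net"),
               ("Subject", "Quarterly   report"), ("Date", "Mon, 01 Jan 2024 10:00:00 +0000")]
    body = "Hello Bob,\r\n\r\nPlease find the  report attached.  \r\n\r\n\r\n"
    fields = ["from", "to", "subject", "date", "subject"]  # "subject" twice: over-signing
    signed = headers + [dkim_sign(headers, body, "example.com", "k1", fields, d, n)]
    return {"valid": dkim_verify(signed, body, e, n),
            "body_tampered": dkim_verify(signed, body.replace("report", "invoice"), e, n),
            "subject_prepended": dkim_verify([("Subject", "URGENT")] + signed, body, e, n)}
```

Three results come back from demo(): the untouched message verifies; changing one word in the body changes bh= and fails; and a Subject header added above the signed one fails because "subject" was listed twice in h= (over-signing), so the extra instance lands in the data hash as a non-null field that the signer never saw.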

Your email signature is placed in the email header when you send an email. Although invisible to you, it is a critical part of email authentication. Unlike encryption keys obtained from widely recognised certificate authorities, the cryptographic keys used with DKIM are not certified by any authority. If signature verification fails, the email is not necessarily rejected outright; the receiving email service decides whether to filter or reject an email that fails the DKIM check.

DKIM with SPF & DMARC

It is good to know that DKIM alone does not prove your emails are genuine, nor does DKIM encrypt [4] your email.

Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting and Conformance (DMARC) work in conjunction with DKIM.

DKIM focuses on the integrity of the email content by verifying that an email was sent from a certain domain and has not been altered; it does not ensure that the email came from a legitimate person associated with that sending domain. SPF, in turn, validates the sending server's IP address.

SPF works by limiting the IP addresses allowed to send for a domain. Receiving email services use the IP address range published in the DNS records to check whether the sending email server is legitimate. It is advised to implement SPF first; for more information about SPF, consider reading the first part of this blog post series.

DMARC is a system that enables the domain name system (DNS) owner to specify what actions the receiver should take when the incoming email fails the DMARC check. The DMARC check includes checking the SPF, DKIM or both. When receiving an email, the SPF and DKIM are checked first, and then action is taken on the email based on what is defined in the DMARC records. If you still need to implement DMARC, consider doing this as the next step. DMARC helps you specify a policy that tells receiving mail servers how to deal with emails that fail SPF and DKIM checks, such as whether to accept, quarantine, or reject them.

Setting Up DKIM Records

Specific steps for setting up a DKIM record vary depending on the email service provider or hosting platform; hence, consult your provider's documentation for detailed instructions. These basic steps and guidelines can help you during your implementation.

  1. Your first step is generating the key pair DKIM requires: a public and a private key.
  2. If you'd like to generate the keys yourself, try one of the publicly available generators, such as the DKIM Record Generator from EasyDMARC.
  3. Choose a name for the selector (for example, k1), enter it along with the sending domain, and specify the key length you want. The generator then provides you with the private and public keys.
  4. The private key must be stored on your mail server. The public key, on the other hand, is stored in the DKIM record. [6]
  5. Once your keys are published, wait 24 to 48 hours for the DNS propagation [25] period to pass.
  6. Configure your email application or service to enable DKIM and start signing your emails with your private key.
  7. The last step is to verify your setup to ensure it's working as expected.

Testing DKIM Effectiveness

Table 2: Tools for DKIM and Email Infrastructure Testing
Tool | Description/Explanation
internet.nl↗︎ | The Internet.nl test tool is an initiative of the Dutch Internet Standards Platform. The platform's main objective is to promote modern Internet standards to make the Internet more accessible, secure, and reliable for all users. The tool offers a way to test the functionality of these modern standards, which can help ensure the continued growth and dependability of the Internet.
Poste.io DKIM Checker↗︎ | Self-explanatory. It requires you to fill in your DKIM selector, so you must look it up in your DNS. This tool is not for the weak-hearted.
Easy DMARC↗︎ | Decent. I usually do not like commercially driven tools, because sometimes they offer you a test and then, when you fill in some personal details, they harvest and sell your data; this one seems innocent, though.
Domain Health Checker 1.4.1↗︎ | This PowerShell module checks one or multiple SPF, DKIM and DMARC records.

DKIM: Limits & Challenges

As mentioned in the introduction, research [7] discovered that many email domains either do not have DKIM set up properly, use weak DKIM keys, or lack a DKIM signature altogether because of the strict requirements a DKIM implementation imposes. Applying DKIM can be complicated, and mistakes in the configuration can render it ineffective. It is important to be aware of the limitations and challenges associated with DKIM so that you can consider mitigating actions.

Table 3: DKIM Management Issues and Mitigations
Management Issue | Mitigation
Some email forwarding services alter the email content, which breaks the DKIM signature. | Test the forwarding service and implement DMARC to instruct mail servers to quarantine, monitor DMARC reports, and use SPF records to increase protection. Consider encrypting[20] your email using PGP [21] or S/MIME for sensitive information.
Companies publish multiple DKIM records for a single selector[22], and this inconsistent implementation causes verification results to vary across email services. | Review the DKIM configuration and apply uniqueness as suggested by RFC 6376: use a different selector for each record.
Configurations do not meet the email service's implementation requirements. | Specific email services have varying implementations. Determine your email service's implementation requirements before relying on internet sources or best-practice information.
Weak DKIM signatures: a study detected 4,312 weak keys with a key length of 384 bits (66 times) or 786 bits (4,246 times), which are weak keys due to a wrong encryption algorithm. | RSA-SHA256 is recommended over RSA-SHA1 due to higher collision resistance. The recommended DKIM algorithms were updated in Jan 2018, mandating RSA-SHA256 and forbidding RSA-SHA1.
Setting the v field value to DKIM2 causes invalid DKIM signatures. | Always set the "v" field value to "DKIM1" in your DKIM DNS records to indicate compliance with DKIM version 1, the widely accepted and standardised version.
A study found that 312,852 (8.6%) sending domains deployed at least one DKIM key over five years, with long-lifetime keys common among high-profile domains: 19,431 sending domains within the Alexa top 1M have not rotated their DKIM keys in the past year, which accounts for 72.1% of all domains that use DKIM. | A systematic and periodic rotation of DKIM keys is needed to minimise the risk of a key compromise. Address long-lifetime keys that are never rotated by adding an expiration date for DKIM keys and setting "over signing" as the default mechanism.
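Step 4 of the setup procedure above (publishing the public key as the selector's DNS record) together with the version, key-length and duplicate-record issues from Table 3, as an added Python example that is not part of the original post. It takes the public key PEM shown earlier in this post, builds the TXT record value and its name, and audits what a selector's answer set contains. The DER handling is a minimal hand-written parser and encoder for the RSA SubjectPublicKeyInfo layout (standard library only); the 384-bit dummy modulus, the example.com domain and the k1 selector are constructed for the demonstration, and the thresholds are RFC 8301's (1024-bit minimum, 2048 recommended, rsa-sha1 withdrawn).

```python
import base64, re

# The public key shown earlier in this post (a 1024-bit RSA example key).
EXAMPLE_PUBLIC_KEY_PEM = """-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqGKukO1De7zhZj6+H0qtjTkVx
wTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFnc
CzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0T
p0GbMJDyR4e9T04ZZwIDAQAB
-----END PUBLIC KEY-----"""

RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")  # AlgorithmIdentifier: rsaEncryption, NULL

# -- Minimal DER encode/decode, enough for the SubjectPublicKeyInfo of an RSA key --
def der(tag, content):
    n = len(content)
    if n < 128:
        return bytes([tag, n]) + content
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + content

def der_int(x):
    return der(0x02, x.to_bytes((x.bit_length() + 8) // 8, "big"))  # keeps a leading 0x00 when the top bit is set

def der_read(buf, pos=0):
    # returns (tag, value, position after this element)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + nbytes], "big"), pos + nbytes
    return tag, buf[pos:pos + length], pos + length

def spki_from_rsa(n, e):
    return der(0x30, RSA_ALG_ID + der(0x03, b"\x00" + der(0x30, der_int(n) + der_int(e))))

def rsa_modulus_bits(spki):
    _, body, _ = der_read(spki)                 # SubjectPublicKeyInfo SEQUENCE
    _, _, after_alg = der_read(body)            # skip AlgorithmIdentifier
    tag, bitstr, _ = der_read(body, after_alg)  # BIT STRING wrapping RSAPublicKey
    if tag != 0x03:
        raise ValueError("expected BIT STRING")
    _, rsapub, _ = der_read(bitstr[1:])         # bitstr[0] is the unused-bits count
    tag, n_bytes, _ = der_read(rsapub)          # INTEGER n comes first
    if tag != 0x02:
        raise ValueError("expected INTEGER")
    return int.from_bytes(n_bytes, "big").bit_length()

# -- Building the DNS record for step 4 of the setup --
def pem_to_der(pem):
    return base64.b64decode("".join(l for l in pem.splitlines() if not l.startswith("-----")))

def record_name(selector, domain):
    return f"{selector}._domainkey.{domain}"

def dkim_txt_record(pem):
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(pem_to_der(pem)).decode()

def parse_tags(value):
    return {k.strip(): re.sub(r"\s+", "", v)
            for k, v in (item.split("=", 1) for item in value.split(";") if "=" in item)}

# -- Auditing what is actually published for a selector (the Table 3 issues) --
def audit_selector(name, txt_records):
    # returns a list of (code, message); an empty list means the selector looks healthy
    findings = []
    if len(txt_records) != 1:
        findings.append(("record-count", f"{name}: {len(txt_records)} TXT records, exactly one expected"))
    for rec in txt_records:
        t = parse_tags(rec)
        if t.get("v", "DKIM1") != "DKIM1":  # v= is optional in the key record, but if present it must be DKIM1
            findings.append(("bad-version", f"v={t['v']} is not DKIM1; verifiers will reject the key"))
        if t.get("k", "rsa") != "rsa":
            findings.append(("key-type", f"k={t['k']}: only RSA keys are measured here"))
            continue
        if not t.get("p"):
            findings.append(("revoked", "p= is empty: the key is revoked and signatures will fail"))
            continue
        bits = rsa_modulus_bits(base64.b64decode(t["p"]))
        if bits < 1024:
            findings.append(("weak-key", f"{bits}-bit RSA key; RFC 8301 requires at least 1024"))
        elif bits < 2048:
            findings.append(("short-key", f"{bits}-bit RSA key; RFC 8301 recommends 2048"))
        if "sha1" in t.get("h", "").lower().split(":"):
            findings.append(("sha1", "h= still allows sha1; RFC 8301 removed rsa-sha1"))
    return findings

def demo():
    name = record_name("k1", "example.com")
    good = dkim_txt_record(EXAMPLE_PUBLIC_KEY_PEM)
    # constructed: a 384-bit dummy modulus (not a real key) to trigger the weak-key finding
    weak = "v=DKIM1; k=rsa; p=" + base64.b64encode(spki_from_rsa((1 << 383) | 1, 65537)).decode()
    wrong_version = good.replace("v=DKIM1", "v=DKIM2")
    return {"good": audit_selector(name, [good]),
            "weak": audit_selector(name, [weak]),
            "wrong_version": audit_selector(name, [wrong_version]),
            "duplicate": audit_selector(name, [good, weak])}
```

In practice the list handed to audit_selector is the TXT answer set returned for k1._domainkey.example.com by a DNS query; the finding codes are what a monitoring job would alert on, and the post's own 1024-bit example key comes back with only the "short-key" advisory.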

DKIM's Role in Email Security

The importance of DKIM in securing email communications is paramount. However, it only works well with its brother and sister, SPF and DMARC.

You can ensure email reliability by adhering to the RFC guidelines. There is no doubt how crucial DKIM is for verifying the authenticity of email messages and combating spoofing in all its forms.

Let us proceed with email systems and services that assure interoperability and consistent behaviour. I hope to have provided useful information with this blog series, and I urge that we stay attentive rather than neglect what is at our fingertips.

  1. European Union Agency for Cybersecurity, "Threat Landscape," ENISA, 2022. Link to article ↗︎

  2. The Internet Engineering Task Force (IETF) is an open standards organisation responsible for developing protocols for the Internet. IETF is the entity behind the standardisation of DKIM and many other internet-related technologies. ↗︎

  3. Spoofing attacks are malicious activities to deceive a target, usually by mimicking another trusted entity. In the context of email, spoofing attacks could involve sending emails that appear to come from a legitimate source but are sent by attackers. These attacks are often carried out to gain unauthorised access, steal information, or spread malware and can fall under broader categories like phishing, email IP spoofing, or website spoofing. ↗︎

  4. DomainKeys refer to the cryptographic keys (like a password) associated with a domain (website, email domain, etc.) used to sign and verify the authenticity of email messages sent from that domain. Identified means that DKIM helps identify and confirm that the claimed sender (domain) has sent an email message. Mail refers to the fact that DKIM is primarily used for email messages. ↗︎

  5. C. Wang et al., "A Large-scale and Longitudinal Measurement Study of DKIM Deployment," 2022. ↗︎

  6. D. Tatang, F. Zettl, and T. Holz, "The Evolution of DNS-based Email Authentication: Measuring Adoption and Finding Flaws.," Acm.org, Oct. 06, 2021. ↗︎

  7. M. Kucherawy, D. Crocker, and T. Hansen, "RFC 6376: DomainKeys Identified Mail (DKIM) Signatures," IETF Datatracker, Sep. 21, 2011. Link to article↗︎ ↗︎

  8. S. Kitterman, "RFC 8301: Cryptographic Algorithm and Key Usage Update to DomainKeys Identified Mail (DKIM)," IETF Datatracker, Jan. 01, 2018. Link to article↗︎ ↗︎

  9. J. R. Levine, "RFC 8463: A New Cryptographic Signature Method for DomainKeys Identified Mail (DKIM)," IETF Datatracker, Sep. 12, 2018. Link to article↗︎ ↗︎

  10. H. Bone, "What is email spoofing?," Proton, Sep. 12, 2023. Link to article↗︎ ↗︎

  11. S. Rice, "What Is DKIM? DomainKeys Identified Mail Explained," Postmarkapp.com, Sep. 05, 2017. Link to article↗︎ ↗︎

  12. in Exim, "Hands-on: implementing SPF, DKIM and DMARC in Exim | Cybersecurity | SIDN," SIDN - The company behind .nl, 2020. Link to article↗︎ ↗︎

  13. A. Wallace, "A Beginners Guide to Understanding DKIM - Domain Keys Identified Mail - blog. Allan Wallace.uk," Allanwallace. Uk, Dec. 04, 2022. Link to article↗︎ ↗︎

  14. V. Atluri and Anna Lisa Ferrara, Data and Applications Security and Privacy XXXVII. Springer Nature, 2023. Accessed: Oct. 03, 2023. Link to article↗︎ ↗︎

  15. The Majestic Million, "Majestic Million," Majestic.com, 2023. Link to source. ↗︎

  16. P. team, "How does DKIM work? Technical walkthrough + FAQs," Postmarkapp.com, Aug. 15, 2022. Link to article↗︎ ↗︎

  17. "DomainKeys Identified Mail (DKIM)," Dkim.org, 2023. Link to source. ↗︎

  18. Spoofing is a deceptive technique in which a malicious entity impersonates another source, often to gain unauthorised access. ↗︎

  19. A cryptographic signature is a unique digital stamp generated through encryption to validate the authenticity and integrity of electronic documents or email messages. ↗︎

  20. Encrypting is converting data into a coded format that can only be decoded by the intended recipient with the appropriate decryption key. ↗︎

  21. PGP is an abbreviation for "Pretty Good Privacy," a widely-used data encryption and decryption program. ↗︎

  22. A "single selector" in DKIM is like a special label that helps find the public key to check an email's authenticity. This label is part of the email's security information and is used along with the email's domain name to fetch the key from the Internet's address book (DNS). ↗︎

  23. In DKIM, "Tag=Value" pairs specify various elements of the DKIM signature in the email header. Each tag is a single-letter code representing a specific element like the algorithm used, the domain, or the selector and each value is the corresponding setting or parameter for that tag. These pairs are part of the DKIM signature string. ↗︎

  24. RSA-SHA256 combines the RSA (Rivest-Shamir-Adleman) encryption algorithm and the SHA-256 (Secure Hash Algorithm 256-bit) cryptographic hash function. This combination is commonly used in DKIM to create a secure digital signature for email messages, providing integrity and authenticity checks. ↗︎

  25. DNS Propagation refers to how changes to DNS records spread across DNS servers. When you update a DNS record, such as adding a DKIM public key, it can take some time for this change to propagate and become available to all servers and email clients querying the domain name. ↗︎
