- 16-08-18Wijziging SLA's
- 07-08-18Datacenter BIT organiseert hostingevent 'Hart voor Hosters'
- 19-07-18Persbericht: Untangle stelt BIT aan als strategische distributeur
- 26-06-18BIT beraadt zich op vervolgstappen na negatieve uitslag kort geding Wiv
- 13-06-18RFO stroomstoring BIT-2C
- 08-06-18Gemeente Ede organiseert veiligheidsavond voor ondernemers
- 07-06-18Coalitie eist aanpassing Wet op de inlichtingen- en veiligheidsdiensten in kort geding
- 04-06-18Nationale Datacenter Dag
- 28-05-18BIT presenteert Axigen
DKIM: the seal on your e-mail
A sampling test by the magazine ‘Binnenlands Bestuur’ (Internal Management) in 2016 showed that the state of the security of emailing systems in municipalities is not very good. Of the 50 municipalities that were tested, only three met the mandatory security standards for email. They were checked for internet standards DKIM, SPF and DMARC, which are used to secure emailing systems against phishing, spam and viruses.
A sealThe internet standard DKIM, which stands for DomainKeys Identified Mail, turns the sending server into a cryptographic has by using a ‘private key’ and adds the hash to an email in the form of a so-called DKIM header. A kind of seal on the email envelope.
But how does DKIM work exactly? The outgoing and incoming mailing server has to support DKIM. Postfix, Exim and Microsoft Exchange support this protocol. Secondly, a public-private-keypair needs to be generated; a private key for the mailing server and a public key for in the DNS. DKIM sets a ‘selector’, which is included in the header of the email. This selector indicates which record in the DNS should be looked at for the public key. The private key puts the hash in the email on the sending server. With the public key, the incoming mail server checks the DNS whether the hash with the public key matches the DNS
As described before provides a kind of seal for emails. DKIM guarantees that no one has messed with an email after the DKIM header is set. The combination with SPF and DMARC makes it less likely for malicious emails coming from the DKIM supporting domain to end up in inboxes. As a sender of email, you increase your chances of proper emails from your domain being sent and malicious emails from your domain are being stopped.