- 28-11-24ECOFED uitgeroepen tot publieksfavoriet bij Computable Awards
- 21-11-24Een goede cloud heeft een kundige dirigent nodig
- 17-10-24ECOFED wint ICT Innovatieprijs Regio Foodvalley 2024
- 01-08-24BIT geeft kaarten weg voor F1 in Zandvoort
- 24-04-24Status.bit.nl in nieuw jasje!
- 12-04-24Nieuw bij BIT: GPU hosting
- 25-03-24BIT breidt netwerkconnectiviteit uit met aansluiting op NL-ix^2
- 13-03-24No More Leaks: Samenwerken tegen cybercriminaliteit
- 03-03-24Geen verandering twee jaar na invoering sancties tegen Russische media: FOIC roept (wederom) op tot einde van ondemocratische censuur
- 29-01-24Onzichtbare upgrades
DKIM: the seal on your e-mail
23-01-2018 14:18:58
“Municipalities in the Netherlands are supposed to have implemented several internet standards for better security on their email by the end of 2017”, wrote former minister of Internal Affairs Ronald Plasterk in response to parliamentary questions in 2016 about secured email from municipalities.
A sampling test by the magazine ‘Binnenlands Bestuur’ (Internal Management) in 2016 showed that the state of the security of emailing systems in municipalities is not very good. Of the 50 municipalities that were tested, only three met the mandatory security standards for email. They were checked for internet standards DKIM, SPF and DMARC, which are used to secure emailing systems against phishing, spam and viruses.
But how does DKIM work exactly? The outgoing and incoming mailing server has to support DKIM. Postfix, Exim and Microsoft Exchange support this protocol. Secondly, a public-private-keypair needs to be generated; a private key for the mailing server and a public key for in the DNS. DKIM sets a ‘selector’, which is included in the header of the email. This selector indicates which record in the DNS should be looked at for the public key. The private key puts the hash in the email on the sending server. With the public key, the incoming mail server checks the DNS whether the hash with the public key matches the DNS
As described before provides a kind of seal for emails. DKIM guarantees that no one has messed with an email after the DKIM header is set. The combination with SPF and DMARC makes it less likely for malicious emails coming from the DKIM supporting domain to end up in inboxes. As a sender of email, you increase your chances of proper emails from your domain being sent and malicious emails from your domain are being stopped.
Internet.nl also makes 'how-to's' available with practical information that can help you implement these standards. Read more about the implementation of SPF, DKIM and DMARC on the Postfix mail server on the SIDN site.
A sampling test by the magazine ‘Binnenlands Bestuur’ (Internal Management) in 2016 showed that the state of the security of emailing systems in municipalities is not very good. Of the 50 municipalities that were tested, only three met the mandatory security standards for email. They were checked for internet standards DKIM, SPF and DMARC, which are used to secure emailing systems against phishing, spam and viruses.
A seal
The internet standard DKIM, which stands for DomainKeys Identified Mail, turns the sending server into a cryptographic has by using a ‘private key’ and adds the hash to an email in the form of a so-called DKIM header. A kind of seal on the email envelope.But how does DKIM work exactly? The outgoing and incoming mailing server has to support DKIM. Postfix, Exim and Microsoft Exchange support this protocol. Secondly, a public-private-keypair needs to be generated; a private key for the mailing server and a public key for in the DNS. DKIM sets a ‘selector’, which is included in the header of the email. This selector indicates which record in the DNS should be looked at for the public key. The private key puts the hash in the email on the sending server. With the public key, the incoming mail server checks the DNS whether the hash with the public key matches the DNS
As described before provides a kind of seal for emails. DKIM guarantees that no one has messed with an email after the DKIM header is set. The combination with SPF and DMARC makes it less likely for malicious emails coming from the DKIM supporting domain to end up in inboxes. As a sender of email, you increase your chances of proper emails from your domain being sent and malicious emails from your domain are being stopped.
DKIM headers standard at BIT
DKIM is not yet supported by all email providers. BIT adds DKIM headers to all our clients’ outgoing mail. Our clients add the BIT DKIM public key to the DNS of their own domain once. This way all our clients profit from the DKIM protocol with minimum effort.Would you like to learn more about DKIM?
You can check whether your domain supports DKIM at https://internet.nl. Here you can also immediately check whether your email and website meet the other modern and secure internet standards. Do your email and website also score 100% on https://www.internet.nl? For questions, contact us on +31 318 648 688 or on info@bit.nl. We are happy to help you!Internet.nl also makes 'how-to's' available with practical information that can help you implement these standards. Read more about the implementation of SPF, DKIM and DMARC on the Postfix mail server on the SIDN site.