Educause Security Discussion mailing list archives
Re: Seeking insight into DKIM implementation
From: Ken Connelly <ken.connelly () UNI EDU>
Date: Thu, 18 Jun 2015 08:48:27 -0500
The intent of DKIM (and its cousin, SPF) is to prevent blatantly forged email messages from receipt. It's up to the recipient system to utilize those checks (or not). Neither, however, have any effect on mail sent from phished users who have given away their authentication credentials to the dark side. Gmail would like you to believe that implementing DKIM is the grand solution to spam, but in reality, it's only a single stepping stone. - ken On 6/18/15 7:27 AM, Brett Wasley wrote:
Greetings from Gallaudet University, We are using Gmail and due to the number of phishing attacks that have occurred recently we are discussing implementing DKIM as suggested by Google. One of the biggest "cons" of DKIM as I understand it is it has prevented users from sending messages on behalf of their address from sites outside of Gmail. In other words DKIM is an added layer of passive authentication, validating the sending/relaying mail server is approved. If this sending-server reputation check fails, the message can be tagged as spam and/or deleted and/or not accepted. (ex. A message from a gallaudet.edu <http://gallaudet.edu> address must be from a mail server that is an authorized relay.) Those of you that have DKIM implemented is this a problem and if so, how did you mitigate it? Are there better options for Gmail users (other than turning on 2-factor authentication)? Many thanks in advance for your replies. -- Brett Wasley, CISSP Information Security Officer, Gallaudet Technology Services Gallaudet University 800 Florida Ave., NE Washington, D.C. 20002-3695 202.651.5203 (voice) 410.507.2595 brett.wasley () gallaudet edu <mailto:brett.wasley () galluadet edu>
-- - Ken ================================================================= Ken Connelly Associate Director, Security and Systems ITS Network Services University of Northern Iowa email: Ken.Connelly () uni edu p: (319) 273-5850 f: (319) 273-7373 Any request to divulge your UNI password via e-mail is fraudulent!
Current thread:
- Seeking insight into DKIM implementation Brett Wasley (Jun 18)
- Re: Seeking insight into DKIM implementation Ken Connelly (Jun 18)
- Re: Seeking insight into DKIM implementation Brett Wasley (Jun 18)
- Re: Seeking insight into DKIM implementation Nick Semenkovich (Jun 18)
- Re: Seeking insight into DKIM implementation Brett Wasley (Jun 18)
- Re: Seeking insight into DKIM implementation Ken Connelly (Jun 18)