Skip to content

>AUUG–The Organisation for Unix, Linux and Open Source Professionals

A Review of Yahoo!'s DomainKeys Technology

by David Purdue


Email should be one of the most powerful communication mediums at our disposal.  However email abuse reduces the effectiveness of this medium for all users.  Various technical means to combat abuses such as spam and phishing have been proposed, and in this paper one of those, DomainKeys, is examined.

DomainKeys provides a means to digitally sign all email that emanates from a given domain.  Public keys for the digital signature algorithm are distributed via the Domain Name Systems (DNS), rather than trying to set up a Public Key Infrastructure (PKI).  Email recipients can retrieve the public key from DNS to validate the signature on the incoming email.

The paper looks in detail at how DomainKeys achieves domain authentication for email, and then assesses how well it can meet the stated aim of improving the email user experience before comparing DomainKeys to other related systems.

I conclude that DomainKeys succeeds in providing an authentication framework that is useful in and of itself, but that the usefulness of this framework in combating spam is limited.

David Purdue
Sun Microsystems

Download the paper: A Review of Yahoo!’s DomainKeys Technology (218K PDF)