Calls: Send in your ideas. Deadline June 1st, 2021.

Last update: 2010-09-17

DNSSEC-mail

[DNSSEC-mail — concluded in 2013]

Until recent developments of domain name authentication, Internet mail has not had access to scalable mechanisms for validating an identity associated with a message. Any identifier could be used fraudulently.

The Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) are relatively new technologies that create a foundational change by validating domain identifiers. However they are only the first step. DMARC takes additional steps in allowing domain owners to publish statements about their email use of their identifiers and DMARC facilitates much easier operational reporting from mail recipients to domain owners.

Thus this project will improve use of DNSSEC in the email security space. Two major upcoming applications will drive this:

  1. DMARC which relies on the DNS for advertising policy information.
  2. Domain-based reputation system that relies on DKIM, which in turn relies on secure DNS use to advertise keys and polices.

OpenDKIM includes DNSSEC support via libunbound of NLnet Labs.

Run by The Trusted Domain Project, USA.

Navigate projects

Please check out NLnet's theme funds, such as NGI Assure, NGI0 Discovery (which is focussed on search, discovery and discoverability) and the Internet Hardening Fund.

Want to help but no money to spend? Help us by protecting open source and its users.

.