Send in your ideas. Deadline February 1, 2025

Last update: 2010-09-17

DNSSEC-mail

DNSSEC for OpenDKIM and OpenDMARC

Until recent developments of domain name authentication, Internet mail has not had access to scalable mechanisms for validating an identity associated with a message. Any identifier could be used fraudulently.

The Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) are relatively new technologies that create a foundational change by validating domain identifiers. However they are only the first step. DMARC takes additional steps in allowing domain owners to publish statements about their email use of their identifiers and DMARC facilitates much easier operational reporting from mail recipients to domain owners.

Thus this project will improve use of DNSSEC in the email security space. Two major upcoming applications will drive this:

  1. DMARC which relies on the DNS for advertising policy information.
  2. Domain-based reputation system that relies on DKIM, which in turn relies on secure DNS use to advertise keys and polices.

OpenDKIM includes DNSSEC support via libunbound of NLnet Labs.

Run by The Trusted Domain Project, USA.