Calls: Send in your ideas. Deadline August 1st, 2023.

Last update: 2010-09-17



Until recent developments of domain name authentication, Internet mail has not had access to scalable mechanisms for validating an identity associated with a message. Any identifier could be used fraudulently.

The Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) are relatively new technologies that create a foundational change by validating domain identifiers. However they are only the first step. DMARC takes additional steps in allowing domain owners to publish statements about their email use of their identifiers and DMARC facilitates much easier operational reporting from mail recipients to domain owners.

Thus this project will improve use of DNSSEC in the email security space. Two major upcoming applications will drive this:

  1. DMARC which relies on the DNS for advertising policy information.
  2. Domain-based reputation system that relies on DKIM, which in turn relies on secure DNS use to advertise keys and polices.

OpenDKIM includes DNSSEC support via libunbound of NLnet Labs.

Run by The Trusted Domain Project, USA.

Navigate projects

Please check out NLnet's theme funds, such as NGI Assure and NGI Zero Entrust.

Want to help but no money to spend? Help us by protecting open source and its users.