Emails have been used for more than four decades and have become one of the major communication tools in everyday life and work. Hundreds of millions of emails are sent online every day. Although emails bring convenience to our work and life, they also give hackers opportunities to phish.
The DomainKeys Identified Mail (DKIM) standard aims to solve the problem of fraudulent use of emails. With DKIM, an enterprise can insert a cryptographic signature into an email to be sent, where the signature is associated with a domain name. The signature is sent with the email, and an email receiver can use the signature to verify that the email was really sent from that domain name. Since an impersonating email sending server usually does not add any DKIM information to emails, an email receiving server cannot know whether the email sender uses DKIM. In DKIM, public keys are assigned to domain names rather than to the thousands of individual users under a domain name. Therefore, DKIM authentication cannot be performed for an individual user. DKIM has been deployed for more than eight years, but phishing emails are still prevalent on the internet. The problem of determining the credibility of the identity of an email source is not essentially solved by DKIM.
Specifically, at present the following problems (1) to (4) exist in sending an email:
(1) due to the security defects of the email protocol RFC 2821, information in an email may be modified by an email sending server, an intermediate server or an email receiving server, resulting in the prevalence of anonymous emails and phishing emails;
(2) the open domain name system (DNS) is itself fragile and vulnerable to domain name hijacking, which gives attackers opportunities to replace a DKIM public key stored in the DNS, thus invalidating the DKIM system;
(3) DKIM supports authentication based on a domain name instead of a whole email address, and a signature is controlled by a domain name manager rather than an individual email user, so it fails to provide a personalized service to the individual email user; and
(4) the existing DKIM technology must be deployed on the email server side, resulting in a high deployment cost.
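The domain-level scope described above and in problem (3) can be seen by reading the `d=` (domain) and `s=` (selector) tags of a DKIM-Signature header, which together name the DNS record holding the public key. The following Python sketch is an added example, not part of the original text; it does not verify any signature, and the messages, the selector `sel1` and the function names are constructed for illustration.

```python
from email import message_from_string, policy

def parse_tags(value):
    """Split a DKIM tag=value list into a dict, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())
    return tags

def dkim_scope(raw):
    """Report which identity a message's DKIM signature is bound to (no crypto check)."""
    msg = message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0].addr_spec
    sig = msg["DKIM-Signature"]
    if sig is None:
        # Nothing names a domain or selector, so there is no key to look up.
        return {"from": sender, "signed": False, "domain": None, "key_record": None}
    tags = parse_tags(str(sig))
    domain, selector = tags["d"].lower(), tags["s"]
    # The public key is published in a DNS TXT record at <selector>._domainkey.<domain>.
    return {"from": sender, "signed": True, "domain": domain,
            "key_record": f"{selector}._domainkey.{domain}"}

# Constructed sample messages (signature values are placeholders, not real signatures).
SIG = ("DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;\n"
       " h=from:to:subject; bh=CONSTRUCTED; b=CONSTRUCTED\n")
ALICE = SIG + "From: Alice <alice@example.com>\nSubject: report\n\nbody\n"
BOB = SIG + "From: Bob <bob@example.com>\nSubject: invoice\n\nbody\n"
UNSIGNED = "From: Alice <alice@example.com>\nSubject: report\n\nbody\n"

if __name__ == "__main__":
    for raw in (ALICE, BOB, UNSIGNED):
        print(dkim_scope(raw))
```

Both signed messages resolve to the same key record even though the senders differ, and the unsigned message yields no record at all, so the header alone gives the receiver nothing to check.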