Validate eMail DomainKey?

Post by jaelanicu » Thu Nov 22, 2007 1:25 pm

As you might already know, the email Domain Key is relatively new.
I got some legitimate-looking emails that include the new DomainKey header, but I still don't trust them.
So the question is, how can I validate the domain key? Is it even possible?
Thanks in advance.
"Righteous is always honorable, but honor is not always righteous." - Me ^_^
PRO Level 5
Posts: 156
Joined: Wed Aug 11, 2004 6:19 pm
Location: Indonesia

Post by Absolute-Zero » Thu Nov 22, 2007 1:31 pm

AFAIK DomainKeys validation is checked at the receiving server. I'm not aware of any end-user tools for checking the key.
PROfessional Member
Posts: 2495
Joined: Sat Jun 26, 2004 2:46 pm
Location: Forever blowing bubbles...
Real Name: Dan

Post by jaelanicu » Thu Nov 22, 2007 2:17 pm

After Googling around the net for some time the other day, I'm not aware of such tools either or even a DomainKey validator from the originating mail server.
I was hoping I could ask the originating mail server something like: "Hi, did you send me this keyed email?".
But I still have doubt that, if the DomainKey is verifiable, it can be faked.
"Righteous is always honorable, but honor is not always righteous." - Me ^_^
PRO Level 5
User avatar
Posts: 156
Joined: Wed Aug 11, 2004 6:19 pm
Location: Indonesia

Post by jbullard » Thu Nov 22, 2007 3:56 pm

All the checking is done within the sending and receiving email servers. But no, the DKIM can not actually be faked by a REAL email address from a specified domain. The main reason is that the public/private key is matched with the user. If your email server receives an email with a DKIM for example.com but the email From is somespammer@hotmail.com then your server automatically knows it is forged and is considered spam.

The only possible way for an email to be correct is to come from within the domain's email server that signs the message with the correct key. Otherwise, it is considered spam.

So, it can be forged, but it can't be forged. It is one of those catch-22s that they found is very secure for authenticating emails.

http://209.85.165.104/search?q=cache:PJ ... cd=1&gl=us
VP - Software
Posts: 3653
Joined: Sun Jun 06, 2004 10:17 pm
Location: Utah
Real Name: Jason Bullard
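
The header check described in the post above, as an added example that is not part of the original thread: it reads the signature header of a saved message, reports which domain signed it and which DNS record holds that domain's public key, and flags a From address outside the signing domain. The function names and the sample message are constructed for illustration, the exact-or-subdomain match is a simplification, and the cryptographic verification itself (fetching the key and checking `b=`) is left to the receiving server.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the thread): the signature belongs to a
# newsletter host while the From header names a different company.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mailer.example.net;
 s=news2007; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: Big Company <news@company.example>
To: reader@example.org
Subject: Monthly newsletter

Hello.
"""

def parse_tags(value):
    """Split a 'tag=value; tag=value' signature header into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def inspect_signature(raw):
    """Report who signed a message and whether that matches the From domain."""
    msg = message_from_string(raw)
    # DKIM and the older DomainKeys header both carry d= (domain) and s= (selector).
    header = msg.get("DKIM-Signature") or msg.get("DomainKey-Signature")
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if header is None:
        return {"signed": False, "from_domain": from_domain}
    tags = parse_tags(header)
    d = tags.get("d", "").lower()
    s = tags.get("s", "")
    # Simplified alignment: From domain equals d= or is a subdomain of it.
    aligned = bool(d) and (from_domain == d or from_domain.endswith("." + d))
    return {
        "signed": True,
        "signing_domain": d,
        "key_record": f"{s}._domainkey.{d}",  # TXT record holding the public key
        "from_domain": from_domain,
        "aligned": aligned,
    }
```

A valid signature only proves the message passed through a server holding the key for `signing_domain`; when `aligned` is false, it says nothing about the company named in From.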

Post by jaelanicu » Thu Nov 22, 2007 5:34 pm

I see... Quite assuring indeed. It would be better if it's adopted quickly and widely.

OK, then... HERE's one BIG (or not) question for you.
Assuming that I can borrow your leg and put it in my shoe... :D
Would you click on a link in a keyed but annoying newsletter which you don't remember asking for? :)

Post by jbullard » Thu Nov 22, 2007 5:56 pm

If this is the first time you have received it I would discard it and wait until you receive it again, if that happens. If this is not the first I would probably go to the website and call customer support if you are that worried about it. Normally, they can tell you over the phone or through a support email if you are subscribed.

Sometimes, they have email addresses that you can send these types of emails and they will respond and let you know if it is fake or real.

However, if the link in the address points to their domain (i.e. example.com) and there is no "hidden" link I would say that it is okay. But, once again, it is all about security if you are that worried. My normal response if I am that worried is to delete the email and visit the website through my browser and find where I can unsubscribe from the newsletter.

Post by jaelanicu » Thu Nov 22, 2007 8:23 pm

Actually I got four of them and I am keeping them for further analysis, to look for any pattern or anything suspicious.
While the emails claim to come from a well-respected company, they are sent from a so-called newsletter server which differs from the company name. The server domain name is not reviewed by SiteAdvisor.com, unknown to AboutUs.org and has a concealed WhoIs database record. The server seems to have a web server, but I got a 404 error on the main page (duh...). Almost all of the links in the emails point to the newsletter server. A few of the links are fakes - displayed as URLs of third party companies but linked to the newsletter server.

I checked the company website manually via my browser and tried to unsubscribe from their email by first using fake email addresses but the real domain (which turned up nothing), then my real address - and it turned out that I had opted in for their newsletter (somehow). So I unchecked all of the subscriptions and updated it. And did it again for the second time just to make sure my settings were applied. A few minutes later, I got two emails saying that my settings will take effect after at least 48 hours. Hmm... So far so good? Or should I cross my fingers?

Anyway, if I keep receiving the newsletter, I would be really, really mad.

Post by jbullard » Fri Nov 23, 2007 12:40 am

Well, the biggest problem with spammers and other companies is that when opting out of newsletters like this sometimes they will sell the email address to other companies. So, if you don't get a lot of spam and start getting more, I would suspect that this company did that.

However, if you received an email then it has to be somewhat legitimate. I wouldn't worry about it too much. Sounds like they just use multiple servers for different things which is nothing new.

Post by jaelanicu » Fri Nov 23, 2007 10:11 am

"...sometimes they will sell the email address to other companies."

I doubt it since the company is too big and popular. But if it does happen, it would be a big story to tell.

Thanks for all your explanation and help. :)
