Merak Mail Server, the premier product of software
company IceWarp Ltd., now adds a crucial and powerful
security enhancement - DomainKeys technology.
DomainKeys is a proposed email authentication system
for validating and proving the authenticity of an email
sender's domain, as well as the consistency and
completeness of the message.
DomainKeys performs functions analogous to Sender Policy
Framework (SPF), because it stops falsification of email
sender domains. However, DomainKeys is more complex
than SPF, because it can also ensure that the content
of the email was not changed or altered in any way during
SMTP transit.

The major advantages of this technology are the following:
- The receiver of the email can trust the email originator
and the message contents if the DomainKeys analysis
completes successfully
- Increased effectiveness of domain black and white
listing
- More effective antispam control, with automated actions
that can be taken based on the results of the DomainKeys
analysis
- Abusive domain owners can now be traced
- DomainKeys is entirely compatible with all SMTP
and DNS based servers

The DomainKeys signing process is basically very simple.
It works by applying a hash to the body of the outgoing
mail message (for example using the SHA1 algorithm) and
encrypting the result with an RSA private key. Mark Delany's
original draft also includes additional Base64 encoding
of this encrypted data. The output string is then inserted
into the email message as the first message header, named
"DomainKey-Signature:".
On the receiving end of the communication process, the
SMTP server receiving such a message takes the originating
domain name, the string _domainkey, and a selector from
the message header, and performs a DNS lookup for the
corresponding TXT record. The result of this DNS lookup
includes the originating domain's RSA public key. The
receiving SMTP server with DomainKeys can thus decipher
the hash value from the header and calculate the hash value
for the rest of the email message (body). If these two
values match, then the mail truly comes from the originating
domain, and the content was not altered during Internet
transmission.
In addition to this outstanding transparency, Merak
Instant AntiSpam (MIAS) greatly profits from the DomainKeys
technology. Merak Instant AntiSpam is based on the "method
scoring increment" and thus can easily take advantage
of DomainKeys. Basically, there are only three possible
results of decrypting the incoming mail's signature and
matching the hash values:
- The deciphered header value and the recalculated
message body hash match. This is typical for genuine
mail messages, and thus no score is added to the total
message score by MIAS.
- The DomainKey signature is invalid or missing,
but the originator's domain has a DNS TXT record.
This is suspicious and characteristic of forged email
messages, and there should be a warning for this behavior.
The Merak Instant AntiSpam total message score is increased.
- There is no DNS record for the domain and no
"DomainKey-Signature:" in the message header. The status
is then unknown, and the action taken depends on the
settings within MIAS.
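
The signing step, the receiving-side check and the three outcomes described above, as an added example that is not part of the original announcement and is not Merak's code. It follows the page's simplified model (SHA-1 over the body only, raw RSA with no padding or canonicalization); the demo key, the hex `p=` format, the `classify` helper and the sample data are constructed assumptions.

```python
import base64, hashlib

# Constructed demo key built from two Mersenne primes: NOT secure, illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

def body_hash(body: bytes) -> int:
    # The page's simplified model: SHA-1 over the message body only.
    return int.from_bytes(hashlib.sha1(body).digest(), "big")

def sign(body: bytes, domain: str, selector: str) -> str:
    # Apply the private key to the hash, Base64-encode, emit the header.
    sig = pow(body_hash(body), D, N)
    b64 = base64.b64encode(sig.to_bytes((N.bit_length() + 7) // 8, "big")).decode()
    return f"DomainKey-Signature: a=rsa-sha1; s={selector}; d={domain}; b={b64}"

def parse_tags(value: str) -> dict:
    # "a=rsa-sha1; s=sel; d=example.com" -> {"a": "rsa-sha1", "s": "sel", ...}
    pairs = (item.split("=", 1) for item in value.split(";") if "=" in item)
    return {k.strip(): v.strip() for k, v in pairs}

def classify(header, body: bytes, sender_domain: str, dns: dict) -> str:
    """Return 'genuine', 'suspicious' or 'unknown' (the three outcomes above)."""
    has_record = any(name.endswith("_domainkey." + sender_domain) for name in dns)
    if header is None:
        return "suspicious" if has_record else "unknown"
    tags = parse_tags(header.partition(":")[2])
    txt = dns.get(f"{tags.get('s')}._domainkey.{tags.get('d')}")
    if tags.get("d") != sender_domain or txt is None:
        return "suspicious" if has_record else "unknown"
    try:
        n = int(parse_tags(txt)["p"], 16)  # hex modulus: demo format, not the real p=
        sig = int.from_bytes(base64.b64decode(tags["b"], validate=True), "big")
    except (KeyError, ValueError):
        return "suspicious"
    # Decipher the signed hash with the public key and compare with our own hash.
    return "genuine" if pow(sig, E, n) == body_hash(body) else "suspicious"

# Constructed sample data: example.com publishes a key under selector "mail".
DNS = {"mail._domainkey.example.com": f"k=rsa; p={N:x}"}
BODY = b"Hello, this is the message body.\r\n"
HEADER = sign(BODY, "example.com", "mail")
```

Calling `classify(HEADER, BODY, "example.com", DNS)` returns the genuine result; changing a single byte of the body, or dropping the header while the DNS record still exists, moves the message into the suspicious class.
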
There are also some potential disadvantages of using
DomainKeys. The dominant issues include the following:
- DNS is not currently secure, but it is expected
that the security problems will be solved by secured
DNS, a draft called DNSSEC.
- DomainKeys creates additional DNS load, so if you
are a DNS server operator, be prepared for an increase
in queries.
- Unauthorized access to your private key results
in unauthorized access to your identity.
- CPU consumption increases due to the intensive
computation of the verification hash.

Still, these disadvantages are a matter of technical
evolution, so there is no need to wait with DomainKeys
deployment. Upgrade your mail server to the latest Merak,
because with Merak Mail Server, you can bet that you will
be using software from the technology leader at any time.