HOME

TheInfoList



Click Here for Items Related To - Author Domain Signing Practices
OR:
Author Domain Signing Practices on:   [Wikipedia]   [Google]   [Amazon]

In computing, Author Domain Signing Practices (ADSP) is an optional extension to the DKIM E-mail authentication scheme, whereby a domain can publish the signing practices it adopts when relaying mail on behalf of associated authors. ADSP was adopted as a standards track RFC 5617 in August 2009, but declared "Historic" in November 2013 after "...almost no deployment and use in the 4 years since...".


Concepts


Author address

The ''author address'' is the one specified in the header field defined in RFC 5322. In the unusual cases where more than one address is defined in that field, RFC 5322 provides for a field to be used instead. The domains in 5322-''From'' addresses are not necessarily the same as in the more elaborated ''Purported Responsible Address'' covered by Sender ID specified in RFC 4407. The domain in a 5322-''From'' address is also not necessarily the same as in the ''
envelope sender {{Redir, Return path, the term in electronics, Return path (electronics) A bounce address is an email address to which bounce messages are delivered. There are many variants of the name, none of them used universally, including return path, reve ...
'' address defined in RFC 5321, also known as
SMTP The Simple Mail Transfer Protocol (SMTP) is an Internet standard communication protocol for electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and receive mail messages. User-level email clients typi ...
MAIL FROM, envelope-''From'', 5321-''From'', or , optionally protected by SPF specified in RFC 7208.


Author Domain Signature

An ''Author Domain Signature'' is a valid DKIM signature in which the domain name of the DKIM signing entity, i.e., the d tag in the ''DKIM-Signature'' header field, is the same as the domain name in the author address. This binding recognizes a higher value for author domain signatures than other valid signatures that may happen to be found in a message. In fact, it proves that the entity that controls the DNS zone for the author — and hence also the destination of replies to the message's author — has relayed the author's message. Most likely, the author has submitted the message through the proper message submission agent. Such message qualification can be verified independently of any published domain signing practice.


Author Domain Signing Practices

The practices are published in a
DNS The Domain Name System (DNS) is a hierarchical and distributed name service that provides a naming system for computers, services, and other resources on the Internet or other Internet Protocol (IP) networks. It associates various informatio ...
record by the author domain. For an author address , it may be set as Three possible signing practices are provided for: * unknown, which is the same as not defining any record, says the domain might sign some, most, or all email, * all says all mail from the domain is signed with an Author Domain Signature, * discardable says all mail from the domain is signed with an Author Domain Signature; furthermore, if such signature is missing or invalid, the domain owners want the receiving server to drop the message; that is, silently throw it away.


Caveat

The ADSP specification discourages publishing any record other than "unknown" for domains with independent users and no strict policy to send mail only via designated servers, since such mail would not be signed. Even so, its purpose and limitations are not always clear. One of ADSP's authors argued it's better to maintain private lists of ''discardable'' domains, managed by trusted parties, than to have each domain declare its own policy. Acknowledging that the spec was essentially an untested prototype, the author of a popular ADSP implementation proposed downgrading it to ''experimental'' status. It was eventually reclassified as ''historical'', partly because
DMARC Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. Th ...
covered a similar use case.


History

For some time ADSP was known as ASP (Author Signing Practices), or the original SSP (Sender Signing Practices), until a protocol naming poll. DomainKeys, DKIM's predecessor, had an ''Outbound Signing policy'' consisting of a single character, "-" if a domain signs all email, and "~" otherwise. DKIM intentionally avoided signers' policies considerations, so that DKIM does not validate a message's "From" field ''directly'', but is a policy-neutral authentication protocol. The association between the signer and the right to use "From", a field visible to end users, was deferred to a separate specification.
Eric Allman Eric Paul Allman (born September 2, 1955) is an American computer programmer who developed sendmail and its precursor delivermail in the late 1970s and early 1980s at UC Berkeley. In 1998, Allman and Greg Olson co-founded the company Sendmail ...
, the author of
Sendmail Sendmail is a general purpose internetwork email routing facility that supports many kinds of mail-transfer and delivery methods, including the Simple Mail Transfer Protocol (SMTP) used for email transport over the Internet. A descendant of t ...
, was an editor of the ADSP specification for the
IETF The Internet Engineering Task Force (IETF) is a standards organization for the Internet standard, Internet and is responsible for the technical standards that make up the Internet protocol suite (TCP/IP). It has no formal membership roster ...
DKIM DomainKeys Identified Mail (DKIM) is an email authentication method that permits a person, role, or organization that owns the signing domain to claim some responsibility for a message by associating the domain with the message. The receiver c ...
Working Group. The draft ADSP specification started in June 2007 and went through 11 revisions and lengthy discussion before being published as RFC in August 2009 - but was declared "Historic" four years later in November 2013 after "...almost no deployment and use in the 4 years since..."


See also

*
DKIM DomainKeys Identified Mail (DKIM) is an email authentication method that permits a person, role, or organization that owns the signing domain to claim some responsibility for a message by associating the domain with the message. The receiver c ...
*
DMARC Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. Th ...
*
SMTP The Simple Mail Transfer Protocol (SMTP) is an Internet standard communication protocol for electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and receive mail messages. User-level email clients typi ...
*
Phishing Phishing is a form of social engineering and a scam where attackers deceive people into revealing sensitive information or installing malware such as viruses, worms, adware, or ransomware. Phishing attacks have become increasingly sophisticate ...
* E-mail authentication


References

{{Reflist


External links


DomainKeys Identified Mail (DKIM) Author Domain Signing Practices (ADSP)

IETF DKIM working group
(started 2006)
Domain Keys Identified Mail (DKIM)
Email authentication