Cryptographic signatures
From ASRG
Anti-spam technique: Cryptographic signatures | |
---|---|
Date of first use: | late 1990s |
Effectiveness: | High |
Popularity: | Medium |
Difficulty of implementation: | High |
Where implemented: | MTA/MUA |
Harm: | Low |
Cryptographic signatures associate a forgery-resistant identity with an e-mail message. They are not directly useful as anti-spam technique, but can be used in connection with reputation systems, so that a message signed with an identity that has a good reputation can be whitelisted or otherwise handled differently.
Some signatures such as S/MIME and PGP use an e-mail address as the identity and sign the body of the message. DKIM and its predecessor DomainKeys sign the entire message using a domain name as the identity.