Cryptographic signatures

From ASRG
Jump to navigationJump to search
Anti-spam technique: Cryptographic signatures
Date of first use: late 1990s
Effectiveness: High
Popularity: Medium
Difficulty of implementation: High
Where implemented: MTA/MUA
Harm: Low

Cryptographic signatures associate a forgery-resistant identity with an e-mail message. They are not directly useful as anti-spam technique, but can be used in connection with reputation systems, so that a message signed with an identity that has a good reputation can be whitelisted or otherwise handled differently.

Some signatures such as S/MIME and PGP use an e-mail address as the identity and sign the body of the message. DKIM and its predecessor DomainKeys sign the entire message using a domain name as the identity.