Cryptographic signatures
From ASRG
Jump to navigationJump to search
| Anti-spam technique: Cryptographic signatures | |
|---|---|
| Date of first use: | late 1990s |
| Effectiveness: | High |
| Popularity: | Medium |
| Difficulty of implementation: | High |
| Where implemented: | MTA/MUA |
| Harm: | Low |
Cryptographic signatures associate a forgery-resistant identity with an e-mail message. They are not directly useful as anti-spam technique, but can be used in connection with reputation systems, so that a message signed with an identity that has a good reputation can be whitelisted or otherwise handled differently.
Some signatures such as S/MIME and PGP use an e-mail address as the identity and sign the body of the message. DKIM and its predecessor DomainKeys sign the entire message using a domain name as the identity.
