Abstract
DomainKeys Identified Mail (DKIM) enables a person or organization that owns a signing domain to claim responsibility for a message by associating the domain with the message. The message sender attaches a cryptographic signature to the message header. The recipient validates the assertion of responsibility by querying the signer's domain directly to retrieve the appropriate public key. This disclosure describes techniques that enable a message to be co-signed by two parties, e.g., a brand and a bulk sender working on behalf of the brand, such that a recipient can verify that the bulk sender who sent the message is authorized by the brand to do so. Co-signing can help deter replay attacks in DKIM. The disclosure also describes techniques that leverage version control to reverse benign changes to a message, such as those introduced by a mailing list, such that genuine DKIM-authenticated messages arrive at the inboxes of intended recipients without disruption.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Chuang, Wei, "Multi-signer Authentication and Signature-preserving Mail Handling", Technical Disclosure Commons, (June 10, 2025)
https://www.tdcommons.org/dpubs_series/8221