JavaDKIM
Submitted by TuxInvader on Wed, 07/23/2008 - 19:41
It's still a work in progress, but I thought Java DKIM was sufficiently complete to be able to release a BETA version of my DKIM library.
Please go here http://www.badpenguin.co.uk/dkim/beta to get the Beta release.
Update: 2009-01-21, JavaDKIM 1.0-RC1 Released. See the Beta release pages for more information
Update: 2008-08-02, JavaDKIM Beta 2 Released. See the Beta release pages for more information
The DKIM and DomainKey specifications provide methods for domain level authentication of email messages. They can help in reducing the amount of UCE (Unsolicted Commercial Email), AKA spam, recieved by users of electronic mail. I was unable to find a Java implementation of DKIM, so I decided I would write one....
JavaDKIM is born!
Update: 2009-06-07 Java DKIM 1.0 has been released!
Java DKIM 1.0 Release Announcement
Java DKIM Home Page
A little more about DKIM
The DKIM spec is designed to allow an email sender to take responsibility for email messages they create. The benefit of that is simple, somebody is taking responsibility for the content of the email. A DKIM signed email has accountability and so is very unlikely to be SPAM. The DKIM signature is created by taking a digest of the message body, and then using a private key to sign that digest, along with selected email headers. The receiver of the email can then use the data in the DKIM-Signature to look up the public key of the signer (via DNS), check that the message verifies against the signature, and that the digest is still correct. If everything checks out, then the email in question is verified as coming from the signing domain.
What can you do with JavaDKIM?
Anything you like. JavaDKIM is a library that provides functions for performing both signing and verifying email messages with both DKIM and DomainKey signatures. I will provide a daemon application, which can parse email messages for signing/authenticating, but obviously you can write your own services using this library. Do what you will with it, within the confines of the GNU GPL license (Version 2), under which it is released.
The Java doc overview page gives a couple of example code snippets for checking and signing an email message stored in a text file.
What am I doing with it, and Why Java?
I work for Zeus Technology, and I thought it would be a nice idea to have a Traffic Manager / Application Delivery Controller provide DKIM and / or DomainKey authentication services to the network. This means you could implement DKIM, without making changes, or increasing the load on the current email infrastructure.
Earlier this year we (Zeus) released ZXTM 5.0, and among the new features was the ability to use Java Extensions (via the Servlet API) to extend the functionality of the ZXTM beyond the built in TrafficScript langauge. Once my JavaDKIM library is completed, it will be a trivial task to integrate it with ZXTM.
My plan is to either use ZXTM as a smart host, or use it as a transparent proxy to intercept the outgoing email. Incoming email can hit ZXTM as the MX. The DKIM library can verify/sign mail on the fly, at the network boundary. It could either add a header indicating DKIM verification status to the mail message, which could then be used by your AV/Spam checks to decide how stringent to be. Or it could send the message to different pools of servers, depending on the verification status. Maybe one pool does SPAM and AV, while the other just does AV. Not only is this NOT adding more load to the mail servers by making them do DKIM. It's reducing load, because the DKIM status found by ZXTM, could dictate how the mail is processed once it hits the mail servers.
The worlds best Traffic Manager will soon be the worlds best DKIM appliance too ;-)