Accredited DomainKeys: A Service Architecture for Improved Email Validation

We present an architecture called Accredited DomainKeys, which builds on the DomainKeys email authentication infrastructure to address the following questions: • “Did the sender actually send this email?” • “Is the sender of this email trustworthy?” The proposed DomainKeys architecture already addresses the first question but not the second. Accredited DomainKeys strengthens the reliability of a positive answer to the first question and provides a mechanism to answer the second. In terms of infrastructure requirements, Accredited DomainKeys involves a modest additional use of DNS over the existing DomainKeys proposal. In addition, the specification of Accredited DomainKeys provides a mechanism for historical non-repudiation of email messages sent from a given domain, which is useful for the enforcement of acceptable usage policies. Several compliant implementations of Accredited DomainKeys are possible. This paper describes two implementations, one based on time-stamped signatures, and the other based on authenticated dictionaries and the secure transaction management system (STMS) architecture.