David White dwrudy at gmail.com
Fri Dec 28 01:15:36 UTC 2012

I'm beginning to explore ways that I can authenticate (and possibly sign)
my email, and I'm wondering if folks have any opinions about GPG for this
use case.

I'm very familiar with SPF, DKIM, and DMARC records (in DNS), but while
these mechanisms provide a way for receiving mail servers to reliably
identify whether or not the incoming message came from the legitimate
sender, it seems to me that this doesn't provide a reliable way to reliably
determine whether or not the message was modified in transit.

These mechanisms obviously also don't even touch on full message encryption.

I know that GPG uses asymmetric encryption to sign a message (i.e. not the
whole message is encrypted, just the signature).

But it seems to me that this just serves the same purpose as DKIM. What's
the difference? (Ok, 1 is DNS based and the other is client-side based, but
other than this... any difference?)

I'm also confused about the adoption rate of clients when it comes to
GPG. Is this something that you'd normally have to implement on your own
email client in order to "use", or do the most popular clients
automatically use it?

This is just 1 of the security-related questions I'm exploring right now,
in an effort to ramp up my own email security and protect my domain's


