How To Set Up DKIM In 3 Simple Steps

Originally developed at Yahoo!, DomainKeys Identified Mail has become a global standard in email security and is, together with its sister SPF, absolutely necessary to implement by anyone serious about mailing. In this post, we’ll show you how to setup DKIM and make your email more secure.

What is DKIM?

DKIM is in theory quite simple. It relies on asynchronous encryption and therefore works with any tool developed for such a use. First one has to generate a private/public key pair. Then the public part of the key has to be put as a TXT record to the domain which is used as the sender address. The private key is then used to create a signature for each email. The signature is basically a hash code and computed by taking the content of the email and combining it with the private key using a security algorithm. The signature is then saved as a header of the email.

When a receiving SMTP server detects such a header, it looks up the public part of the key by asking the domain name system (DNS) for the TXT record. One of the beauties of asynchronous encryption is that the keys are like brothers: they share DNA. Using the public key anyone can tell whether the email was sent by the owner of the domain or not. If this check fails or if the header and therefore the signature does not exist, many email service providers raise an alarm and may, depending on the volume of email sent, decide to mark this email as spam or even to block the sender IP address.


How to set up DKIM in 3 simple steps

1.  Setting up: Configuration of DKIM to generate the key pair

The tool of choice depends on your operating system. For Microsoft Windows you can use PUTTYGen (here is a tutorial), for Linux and Mac, you can use ssh-keygen (Github has an excellent tutorial).


2. Placing the public key as a TXT record in the DNS settings

We have provided a list of DNS providers together with links to official and third-party documentation:

With some DNS providers the setup can be quite tedious, but we would be glad to help you out. Just contact our support!


3. Generating and saving the signature

When using Sendmail or Postfix (the world’s two most popular SMTP server), or any other SMTP server that supports milter, you can use a special milter ( = email filter), the DKIM milter. This milter has been released by Sendmail as Open Source and allows to sign emails with a generated private key. Please have a look at the extensive documentation.


[ Posted Thu, 13 Mar 2014 13:40:28 ]


How to monitor the reputation of your IP address

When you send big amount of emails, you have to constantly watch your email reputation. Broadly speaking “email reputation” is the amount of trust your sender IP enjoys from email inbox providers. Since they don’t give you direct feedback you have to check the email reputation of your sender IPs yourself. Since there are thousands and thousands of email inbox providers, it’s impossible to check your email reputation at every single one of them.

There are a number of sites online that provide information to the public about the reputation of an IP address.

How to monitor the reputation of your IP address

Existing tools

Sender Score – They collect data from certain ISP’s and block lists. They calculate a sender score using a proprietary formula running from 1-100 for each IP address sending mails to their network. Higher the score means having a better reputation. It can be inaccurate for IP’s sending them very low values of e-mail. Some Internet Service Provider’s use this site to feed into their delivery decision engines.


AOL reputation – This site reports the reputation of IP’s as determined by it. Scales of Good, Poor or Neutral can be used.

 – Provided by Ironport/Cisco. This site publically collects available data from their userbase. Then the reputation is reported by them as ‘Good, Poor or Neutral’. They feed into some Internet Service Provider’s decision engines.

RoadRunner blocks – This site reports whether a particular IP address is currently being blocked from sending mail to RoadRunner or not.

Spamhaus blocks – This site reports whether an IP address is listed currently on the Spamhaus lists or not.

SendmailReputation – This site reports the reputation of an IP address as measured by Sendmail.

Trusted Source – This site is provided by McAfee.

Commtouch – This site is provided by Commtouch.

Barracuada Central – This site is provided by Barracuada and it shows what IP addresses are currently blocked.

SNDS – This site is provided by Microsoftand is used by Hotmail and It shows the IP addresses which are currently blocked by Microsoft.

The IP reputation to track computer crimes

An IP address must be genuine and the sites mentioned above can be used to check the reputation of the IP address. A bad IP address is one which is intentionally known to sendspam or has been identified as a zombie. Either of these can cause the sender’s email being blocked. A zombie computer is one which is compromised by an attacker without the operator’s knowledge. A hacker uses a zombie computer for carrying out illegal activities such as attacking the other computers on the internet network and sending spam emails.

SPAM emails are unsolicited emails used for spreading dangerous computer data. The owner of the zombie computer can be held for all the illegal activities taking place in the background and can also be held liable for the entire unknown activity.

Hence checking the IP address reputation is a great tool for being alert from all the crimes. The huge number of sites can be used to check the reputation of the IP address and the user can be protected from various unhealthy threats.

[ Posted Thu, 13 Mar 2014 13:23:32 ]