Originally developed at Yahoo!, DomainKeys Identified Mail (DKIM) has become a global standard in email security and is, together with its sister SPF, a must for anyone serious about sending email. In this post, we’ll show you how to set up DKIM and make your email more secure.
DKIM in a nutshell
DKIM is, in theory, quite simple. It relies on asymmetric (public-key) cryptography and therefore works with any tool developed for that purpose. First, one has to generate a private/public key pair. The public part of the key is then published as a TXT record on the domain that is used in the sender address. The private key is used to create a signature for each email. The signature is essentially a hash of the email's content, signed with the private key using a signature algorithm. The signature is then stored in a header of the email.
When a receiving SMTP server detects such a header, it looks up the public part of the key by asking the domain name system (DNS) for the TXT record. One of the beauties of asymmetric cryptography is that the keys are like brothers: they share DNA. Using the public key, anyone can tell whether the email was sent by the owner of the domain or not. If this check fails, or if the header and therefore the signature does not exist, many email service providers raise an alarm and may, depending on the volume of email sent, decide to mark the email as spam or even block the sender's IP address.
Setting up DKIM
1. Setting up DKIM to generate the key pair
2. Placing the public key as a TXT record in the DNS
We have provided a list of DNS providers together with links to official and third-party documentation:
- Amazon Route 53: SPF and DKIM
- Bluehost: General DNS Setup
- CloudFlare: General DNS help
- Dreamhost: SPF, DKIM
- DynDNS: General DNS setup
- GoDaddy: SPF and DKIM
- HostGator: General DNS setup
- Hover: General DNS setup
- Namecheap: SPF, DKIM
- Network Solutions: General DNS setup
- Rackspace: General DNS setup
- Rackspace Cloud DNS: General DNS setup
- Register.com: General DNS setup
- United Domains: DKIM and SPF (in German)
- ZoneEdit: General DNS setup
With some DNS providers the setup can be quite tedious, but we would be glad to help you out. Just contact our support!
3. Generating and saving the signature
When using Sendmail or Postfix (the world’s two most popular SMTP servers), or any other SMTP server that supports milters, you can use a special milter (mail filter), the DKIM milter. This milter has been released by Sendmail as open source and allows you to sign emails with a generated private key. Please have a look at the extensive documentation.
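The three steps above as one round trip with the `openssl` command-line tool. This is an added example, not part of the original post and not the DKIM milter's own code; the selector `mail2014`, the domain `example.com`, the 2048-bit key size and the file names are assumptions.

```sh
#!/bin/sh
# Added example: DKIM key pair -> DNS TXT record -> sign/verify round trip.
# Assumed values (not from the post): selector, domain, key size, file names.
set -eu
SELECTOR=mail2014
DOMAIN=example.com
WORK=$(mktemp -d)

# Step 1: generate the private key and derive the public half.
dkim_keygen() {
    openssl genrsa -out "$WORK/dkim.private" 2048 2>/dev/null
    chmod 600 "$WORK/dkim.private"   # only the signing milter should read this
    openssl rsa -in "$WORK/dkim.private" -pubout \
        -out "$WORK/dkim.pub.pem" 2>/dev/null
}

# Step 2: print the TXT record for <selector>._domainkey.<domain>.
# One TXT string holds at most 255 bytes, so the record is split into
# several quoted strings; resolvers concatenate them again.
dkim_txt_record() {
    p=$(grep -v '^-----' "$WORK/dkim.pub.pem" | tr -d '\n')
    printf '%s._domainkey.%s. IN TXT ( ' "$SELECTOR" "$DOMAIN"
    printf 'v=DKIM1; k=rsa; p=%s\n' "$p" | fold -w 200 | sed 's/.*/"&"/' | tr '\n' ' '
    printf ')\n'
}

# Step 3 (simplified): a real signer hashes canonicalized headers and the
# body hash; here the raw message file stands in for that input.
dkim_sign() {      # $1 = message file, signature is written to $1.sig
    openssl dgst -sha256 -sign "$WORK/dkim.private" -out "$1.sig" "$1"
}

# Receiver side: succeeds only if the message is unchanged since signing.
dkim_verify() {    # $1 = message file
    openssl dgst -sha256 -verify "$WORK/dkim.pub.pem" \
        -signature "$1.sig" "$1" >/dev/null 2>&1
}

dkim_keygen
dkim_txt_record
# Constructed sample message.
printf 'From: news@example.com\r\nSubject: hi\r\n\r\nHello\r\n' > "$WORK/msg.eml"
dkim_sign "$WORK/msg.eml"
dkim_verify "$WORK/msg.eml" && echo "signature valid"
printf 'extra line\r\n' >> "$WORK/msg.eml"   # simulate modification in transit
dkim_verify "$WORK/msg.eml" || echo "signature check fails after modification"
```

The private key file never leaves the sending server; only the printed TXT record goes to the DNS provider.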
[ Posted Thu, 13 Mar 2014 13:40:28 ]