12,300
edits
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!
m (→What is DKIM?) |
mNo edit summary |
||
(18 intermediate revisions by the same user not shown) | |||
<indicator name="Faults">[[File:Menu-email.svg|link=:Category:Email|30px|Back up to the Email Category]]</indicator>
Support staff can help in adding DKIM signing for domains we host.
== Important: ==
As with SPF, if you use DKIM/DMARC then you will also want to make sure that all email that you send from your domain is sent through email servers that will sign
Also see [[SPF Record]]
DKIM is one of many methods which tries to protect email senders and recipients from spoofing/spam
A domain owner can add DNS records which will publish a public key in a specially formatted
This gives some level of confidence that the email was actually sent by the owner of the domain and not spoofed.
Optionally, further DNS records (DMARC) can be added which declare to
Even if messages are just signed, then this can help them not to be marked as spam by the recipient. This can help prevent messages that our customers send to gmail/outlook being put in to spam folders.
====Long txt records?====
If you are adding your own txt records and they are over 256 characters long, see [[Domains:DNS_Types]] for details on how to 'split' the record in to separate chunks.
== Signing by smtp.aa.net.uk ==
Customers who meet the following criteria can have their messages signed by our smtp.aa.net.uk email
* We provide DNS services for the Domain
* The
* You use smtp.aa.net.uk to send out email
The DNS records required on the customer domain are as follows;
aaisp1._domainkey CNAME aaisp1.dkim.aa.net.uk
aaisp2._domainkey CNAME aaisp2.dkim.aa.net.uk
aaisp3._domainkey CNAME aaisp3.dkim.aa.net.uk
We have three selectors which enable us to roll over the keys easily.
== What if I send email via other mail servers ==
If you use smtp.aa.net.uk and other email relays, then you will need to set up domainkey records for those mail servers too. They will use a different Selector and a different Key.
== Testing the _domainkey DNS records==
dig +short aaisp1._domainkey.YOURDOMAIN TXT
dig +short aaisp2._domainkey.YOURDOMAIN TXT
dig +short aaisp3._domainkey.YOURDOMAIN TXT
eg,:
dig +short aaisp1._domainkey.testing.me.uk TXT
It should give an answer starting v=DKIM1; if no answer, then it isn't working...
Also try an online tool such as https://mxtoolbox.com/dkim.aspx (there are many others!)
== Testing if signing is working ==
'''Send yourself an email'''
If you send yourself an email, look at the header and you should see a DKIM-Signature: header which will include the signature along with s=
'''Send to a gmail account and check the DKIM report'''
=DMARC=
This is just a brief overview of
Adding a DMARC DNS record is optional, but can be beneficial.
If you add DMARC records then you also need to make sure that
all the email you send is being sent through smtp relays which will sign your messages. ie, '''all your email for your domain would want to be
sent through smtp.aa.net.uk'''
There are various online generators for creating a dmarc record, but the contents of the record will cover the following basic settings:
|
edits