DKIM: Difference between revisions

← Older edit

DKIM (view source)

Revision as of 14:55, 9 October 2024

628 bytes added , 9 October 2024

m

→‎Testing if signing is working

AA-Andrew

autoreview, Bureaucrats, editor, Interface administrators, reviewer, Administrators

12,548

edits

Revision as of 10:19, 11 February 2020 (view source) AA-Andrew (talk \| contribs) mNo edit summary ← Older edit		Latest revision as of 14:55, 9 October 2024 (view source) AA-Andrew (talk \| contribs) m (→‎Testing if signing is working)
(6 intermediate revisions by the same user not shown)
<indicator name="Faults">[[File:Menu-email.svg\|link=:Category:Email\|30px\|Back up to the Email Category]]</indicator> Support staff can help in adding DKIM signing for domains that we host DNS and email services for. == Important: == Also see [[SPF Record]] DKIM is one of many methods which tries to protect email senders and recipients from spoofing/spam. and to proove that an email hasn't been tampered with. A domain owner can add DNS records which will publish a public key in a specially formatted Even if messages are just signed, then this can help them not to be marked as spam by the recipient. This can help prevent messages that our customers send to gmail/outlook being put in to spam folders. ====Long txt records?==== If you are adding your own txt records and they are over 256 characters long, see [[Domains:DNS_Types]] for details on how to 'split' the record in to separate chunks. == Signing by smtp.aa.net.uk == '''Send to a gmail account and check the DKIM report''' If you have access to a gmail account then send an email there, then in the little 3-dot menu in the email click 'Show Original'. You will then see the raw message but also information about SPF/DKIM/DMARC. == DKIM and t=y == Until 2024-10-09 we were running our DKIM record with t=y - which tells other servers that signing is in ''testing'' mode. This was set when we originally set up the DKIM feature and wasn't removed ones it was all working! In practice many email servers would ignore this flag anyway. This was an oversight and has removed. =DMARC= This is just a brief overview of ~~DKIM~~DMARC, you can read more about DKIM on other place or RFC7489 Adding a DMARC DNS record is optional, but can be beneficial. If you add DMARC records then you also need to make sure that all the email you send is being sent through smtp relays which will sign your messages. ie, '''all your email for your domain would want to be sent through smtp.aa.net.uk''' There are various online generators for creating a dmarc record, but the contents of the record will cover the following basic settings: