DKIM: Difference between revisions

DKIM (view source)

Revision as of 10:19, 11 February 2020

398 bytes removed , 11 February 2020

m

no edit summary

AA-Andrew

autoreview, Bureaucrats, editor, Interface administrators, reviewer, Administrators

12,270

edits

Revision as of 22:28, 14 December 2019 (view source) AA-Andrew (talk \| contribs) m (→‎Testing the _domainkey DNS records) ← Older edit		Revision as of 10:19, 11 February 2020 (view source) AA-Andrew (talk \| contribs) mNo edit summary Newer edit →
(10 intermediate revisions by the same user not shown)
<indicator name="Faults">[[File:Menu-email.svg\|link=:Category:Email\|30px\|Back up to the Email Category]]</indicator> Support staff can help in adding DKIM signing for domains we host. ~~'''WORK IN PROGRESS~~ ~~'''~~ ~~'''Currently being trialled by staff, not available to customers'''~~ ~~'''Examples and confg is likely to change before customers are able to use DKIM~~ ~~'''~~ == Important: == As with SPF, if you use DKIM/DMARC then you will also want to make sure that all email that you send from your domain is sent through email servers that will sign This gives some level of confidence that the email was actually sent by the owner of the domain and not spoofed. Optionally, further DNS records (DMARC) can be added which declare to ~~these other~~ email servers receiving the message what should be done ~~with messages~~it ~~that~~it ~~fail~~fails the DKIM test - eg, do ~~noting~~nothing, block or quarantine. Even if messages are just signed, then this can help them not to be marked as spam by the recipient. This can help prevent messages that our customers send to gmail/outlook being put in to spam folders. == Signing by smtp.aa.net.uk == Customers who meet the following criteria can have their messages signed by our smtp.aa.net.uk email ~~server~~relay: * We provide DNS services for the Domain * The ~~txt~~three ~~record~~CNAME records below isare added (via the control pages) * You use smtp.aa.net.uk to send out email The DNS records required on the customer domain are as follows; ~~The A&A email relays, smtp.aa.net.uk, can optionally DKIM sign email that is sent through it.~~ aaisp1._domainkey CNAME aaisp1.dkim.aa.net.uk ~~We use a single public key, and aaisp as the Selector.~~ aaisp2._domainkey CNAME aaisp2.dkim.aa.net.uk aaisp3._domainkey CNAME aaisp3.dkim.aa.net.uk We have three selectors which enable us to roll over the keys easily. ~~Here is an example of what DNS record to add:~~ ~~Host/name: aaisp._domainkey~~ ~~Type: TXT~~ Value: "v=DKIM1; t=y; k=rsa; " "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuloXhiatbx0YnrKgS+UL4tZrxcm1rdIxYqWDrs4aMrsFLM4IiSov0McwnFKFCXmo2zqh06OwcRwyMHe4pM+izxUnsMWCRs8BcaAuBhUM+Vbo6qwp5fWjtswaIgwVgJKwY610wg+qfuKM6o2qKc/Hy9Tj" "H5W8D64cSQ7jPCS5xu8CM4Ty/WG1Q7+cLKD1Y3stusqFEX0RFVkcSsvzHNggbDBlWAQCnGeG2+pOoAnfDqSvFvqASCOdjE9HbOZLcFnQRBDiPhegN3BYNWe6leC3SpjI67JNlhcOXAN2sT9m6bTpVFgQHLCnIY4L6TZx/mbpM0xF59kS9VPpYOtl6nQZCQIDAQAB" ~~If this record exists then messages will then be signed by the AAISP key.~~ == What if I send email via other mail servers == dig +short aaisp1._domainkey.YOURDOMAIN TXT dig +short aaisp2._domainkey.YOURDOMAIN TXT dig +short aaisp3._domainkey.YOURDOMAIN TXT eg,: '''Send yourself an email''' If you send yourself an email, look at the header and you should see a DKIM-Signature: header which will include the signature along with s=~~aaisp~~aaisp1 which is the 'Selector we use'. '''Send to a gmail account and check the DKIM report'''