DKIM
Or, how to scare your potential new customers by doing a whole bunch of things wrong all at once, leading to the big warning box of doom. Cold leads, not sending using a full name, and not authenticating properly. Trying to be friendly and sending mail as “Bob” can backfire, especially if your employer has four other people already named Bob, Gmail can’t tell which is which, and Gmail is concerned because your DKIM configuration is busted and you didn’t configure SPF properly. Good job, Bob. This brings me back to the common question, are SPF and/or DKIM required for inbox placement? Well, the lack of them in this case sure didn’t help Bob. Don’t be like Bob. Make it easy for Gmail to identify you and authenticate your mail.
It looks like Microsoft are getting pickier about email address syntax, rejecting mail that uses illegal address formats. That might be what’s causing that “550 5.6.0 CAT.InvalidContent.Exception: DataSourceOperationException, proxyAddress: prefix not supported – ; cannot handle content of message” rejection. Why do we care? It’s good to send syntactically valid email in a warm fuzzies sort of way – it shows we know what we’re doing, and aren’t dodgy spamware – but it’s increasingly important to delivery as mailbox providers are tightening up on their syntax checks. But why are mailbox providers doing that? One reason is that authentication tech like DKIM and DMARC is built around them only being applied to email. Not to messages that kinda look like email. There are ways to bypass DKIM protections by sending invalid messages. As one example, if you send multiple copies of the From: header with different values a DKIM checker
Need help creating your DKIM key? Specifically, the private key file and public key info that you’ll publish in DNS? MessageBird (acquirer of Sparkpost, itself the acquirer of eDataSource) has got a cool little tool for you that’ll do just that. Give it the domain name and selector and it’ll generate everything you need. They support up to 2048-bit keys today, which should be good enough for the moment. (Long term, we need to go larger, but there is a good chance that there is some infrastructure out there somewhere that might choke on keys larger than 2048 bits. That’s a challenge to tackle another day.) Find it here: MessageBird DKIM Wizard.
The other day, I ran across a complaint on LinkedIn. “Just saw another email go to the Promotions Folder with DKIM, SPF, and DMARC set up perfectly. Stop telling people this will fix their e-mail problems!” It’s not the first time I’ve heard this, and I can understand why the author is frustrated. But, it’s important not to miss the true point — email authentication will help to improve inbox delivery. Because it does! But there’s a nuanced explanation to go along with that. The devil truly is in the details. Email authentication is fantastic. SPF and DKIM both allow you to set yourself up as YOU in the eyes of mailbox providers — as opposed to just being one of the many clients of ESP or CRM platform X, based on a shared IP address or shared DKIM domain. This is a good thing, but it’s just the start. Setting yourself
DKIM replay attacks are one of the new big things lately, and they work like this: Take a DKIM signed email message, and re-send it to a billion other people. Maybe add another header (or change the subject, if the signature doesn’t cover the subject), or maybe change nothing. Just take that message and randomly spam a million people. The mail will pass DKIM authentication checks, as long as it is sufficiently unchanged, and thus it authenticates as if it were a legitimate email message. Even if you weren’t the original intended recipient. Even if it was sent only to one person but then re-sent to a million other people, just to annoy them. That’s not a good thing — it can damage a sender’s domain reputation, because people unhappy about that unwanted mail will report it as spam, and spam reporting processing mechanisms will tie it back to the
DELIVTERMS: The (almost) weekly series here on Spam Resource that defines deliverability terminology. Today, I’m going to talk about DomainKeys Identified Mail (DKIM). What is DKIM? DomainKeys Identified Mail (DKIM) is an email authentication protocol. It is one of two different types of email authentication, the other being known as Sender Policy Framework (SPF). It uses a public/private key pair to generate a cryptographic signature for an email message, and the signature information is stored in a hidden “DKIM Signature” email header. The signature allows a receiving mail server to confirm that the message body (and various email headers) were not modified (that is to say, this is truly what was sent by the sender), and it also effectively identifies the sender, when the domain name of the sender is the domain name used in the signature. A public/private key pair involves both a private key, which is a bit of information
Jennifer Nespola Lantz does it again! Last time it was a deep dive into the topic of IP warming, this time around it is everything you need to know about email authentication technology (and related bits), covering SPF, DKIM, DMARC and BIMI! Click on through for the first in the series (An Introduction to Email Authentication), and you’ll find links right there that can take you to the rest of the posts in the series. Or, if you’re looking to jump directly to a specific article, here you go:
Part 1: Why Email Authentication Matters to Your Email Program
Part 2: Understanding SPF Authentication
Part 3: Understanding DKIM Authentication
Part 4: Understanding DMARC Authentication
Part 5: Understanding BIMI
DKIM Troubleshooting Guide (March 29, 2022; posted by Nicola Selenu; categories: DKIM, Email Authentication, Guides). Intro to the DKIM Troubleshooting Guide. What is DKIM: DKIM (Domain Keys Identified Mail) is an email authentication technique that allows the receiver to check that an email was indeed sent and authorized by the […]
There are several causes for DMARC failure. To ensure your emails are properly authenticated and your domain is protected from cybercrime such as spoofing, it’s critical to understand what caused DMARC to fail authentication. When it comes to cyber-attacks, 2021 has shown how unprepared businesses all over the world are. Although Google tries its best to block over 100 million spam messages every day, companies have lost millions of dollars due to cybercrime. Spam comes in all shapes and sizes, so why are we so concerned about DMARC email authentication? 94% of all malware is downloaded to a computer via email, and the majority of people are not able to distinguish between a well-crafted phishing email and legitimate messages. DMARC, along with SPF and DKIM, helps you monitor who is sending messages from your email domain and protects your customers from phishing, spoofing, and other email scams. As…