DKIM: Fight Spam and Forged Email by Signing your Messages
LuxSci has long supported SPF for inbound and outbound email. SPF is a mechanism by which you can specify what servers are permitted to send email for your domain … and identify email from other places that may be fraudulent. This helps stop inbound Spam and helps ensure that your own messages are distinguished from any fraudulently sent ones by your recipients.
DKIM (DomainKeys Identified Mail) is the other standard for preventing email forgery. DKIM works by cryptographically signing each email message sent. Recipients can use information published in your DNS settings to verify that the message was sent from an approved location (i.e. the signature is valid) and that it has not been modified in transit.
LuxSci now supports DKIM for both inbound and outbound email.
See our online DKIM Generator Tool.
Inbound Email: DKIM for Spam Filtering
LuxSci’s Basic Spam Filtering service now automatically supports DKIM to help determine if messages are legitimate or spam. Messages that should have DKIM signatures (but do not) or which have invalid signatures are much more likely to be Spam. For example, all messages from @paypal.com and @ebay.com (among others) should always be signed using DKIM (according to these companies). Any messages that are not should be treated as 100% Spam. This by itself goes a long way toward reducing the prevalence of forged messages from these domains.
Basic Spam Filtering:
- Treats properly signed messages as slightly less spam-like
- Treats messages from organizations that say that all messages should be signed as spam if they are not signed or the signature is invalid
- Treats messages from organizations that say that all messages should be signed AND that messages should be discarded if not, as 100% spam if they are not signed or the signature is invalid. This overrides any “white list” settings that you may have.
- Are properly DKIM signed, or
- Are missing a required DKIM signature or have an invalid DKIM signature, or
- Are DKIM-neutral (i.e. neither of the above)
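The three Basic Spam Filtering rules listed above, sketched as an added example (this is not LuxSci's code). The policy labels "all" and "discard", the .example domains, the score values, and the choice to let a whitelist entry take precedence over the second rule are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical sender policies; a real filter would look these up per domain.
POLICY = {"paypal.example": "all", "bank.example": "discard"}

def dkim_result(msg, from_domain):
    """'pass', 'fail' or 'none' for a signature by the From domain.
    Assumes Authentication-Results headers were added by our own MTA and
    that any copies supplied by the sender were stripped on receipt."""
    result = "none"
    for header in msg.get_all("Authentication-Results", []):
        pairs = re.findall(r"dkim=(\w+)[^;]*?header\.d=([\w.-]+)", header)
        for verdict, domain in pairs:
            if domain.lower() != from_domain:
                continue  # a signature by an unrelated domain proves nothing
            if verdict == "pass":
                return "pass"
            result = "fail"
    return result

def classify(raw, whitelist=()):
    """Return (label, score_delta); the numeric deltas are constructed."""
    msg = message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1].lower()
    domain = addr.rpartition("@")[2]
    policy = POLICY.get(domain, "unknown")
    result = dkim_result(msg, domain)
    if result != "pass" and policy == "discard":
        return ("certain-spam", 100)   # rule 3: checked before the whitelist
    if addr in whitelist:
        return ("whitelisted", 0)
    if result == "pass":
        return ("less-spam-like", -1)  # rule 1
    if policy == "all":
        return ("spam", 5)             # rule 2
    return ("neutral", 0)

# Constructed sample messages (not real mail).
AR = "Authentication-Results: mx.filter.example; "
SIGNED = "From: Billing <billing@paypal.example>\n" + AR + "dkim=pass header.d=paypal.example\n\nhi\n"
THIRD_PARTY = "From: news@paypal.example\n" + AR + "dkim=pass header.d=bulk.example\n\nhi\n"
FORGED = "From: service@bank.example\n" + AR + "dkim=none\n\nhi\n"

if __name__ == "__main__":
    for raw in (SIGNED, THIRD_PARTY, FORGED):
        print(classify(raw, whitelist=("service@bank.example",)))
```

The THIRD_PARTY sample carries a valid signature, but from a domain other than the one in the From header, so it is scored as unsigned.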
Outbound Email: DKIM for Signing
- Create DKIM configurations for any domains that their users send email From
- Get the specific settings needed for updating their domain’s DNS settings to publish the DKIM verification information.