" dkim Archives - Page 3 of 5 - LuxSci

Posts Tagged ‘dkim’

API Enhancements for DKIM Automation

Wednesday, December 2nd, 2020

DKIM, Domain Keys identified Mail, is a critical component to ensuring good INBOX delivery of email messages for day-to-day email, email marketing, and transactional email.  DKIM digitally signs outbound email so that the message recipients can verify that the messages originated from email servers authorized to send email from the sender.  I.e., it helps recipients identify and discard forged and fraudulent email messages while keeping legitimate ones.

API Enhancements for DKIM

In order to use DKIM with LuxSci, customers need to:

  1. Have LuxSci generate keys for each sending domain
  2. Update the DNS settings for each domain to publish the DKIM public key.

See LuxSci’s Help for our general DKIM setup instructions for more details.  These steps are pretty quick and easy, unless you have a large number of domains that you are sending email from.

To help such customers automate their workflow and manage their domains, LuxSci’s API has been augmented to enable management of DKIM keys for LuxSci customers.  The API now permits:

  1. Creation of new DKIM keys for new domains.
  2. Downloading the DKIM information needed for the DNS configuration.
  3. Deletion of DKIM keys for domains no longer in use.

Together with LuxSci’s other API endpoints, LuxSci customers can automate the addition and deletion of domains, email aliases, users, and now DKIM settings.  LuxSci is committed to continually expanding its API capabilities to enable and support automated workflows and processes.

Tags: api, dkim
Posted in New Feature Announcements
Comments Off on API Enhancements for DKIM Automation

Save Yourself From “Yourself”: Stop Spam From Your Own Address

Friday, September 22nd, 2017

I just got junk email … from me!

It is surprisingly common for users to receive Spam email messages that appear to come from their own address (i.e. “joe@domain.com” gets a Spam email addressed so it appears to be from “joe@domain.com”).  We discussed this issue tangentially in a previous posting: Bounce Back & BackScatter Spam – “Who Stole My Email Address”?  However, many users wonder how this is even possible, while others are concerned if their Spam filters are not catching these messages.

How can Spammers use your email address to send Spam?

The way that email works at a fundamental level, there is very little validation performed on the apparent identity of the “Sender” of an email.  Just as you could mail a letter at the post office and write any return address on it, a Spammer can compose and send an email address with any “From” email address and name.  This is in fact extremely easy to do, and Spammers use this facility with almost every message that they send.

Read the rest of this post »

Tags: allow list, dkim, email address, filtering, forged email, sender, smtp, spam, spf, white list
Posted in LuxSci Library: The Technical Side of Email, Popular Posts
2 Comments »

ARC and SMTP MTA-STS: The State of Domain-based Email Authentication – Part 3

Tuesday, September 19th, 2017

We’ll close (for now) our three part series on the state of domain-based authentication for emails by completing the story on technologies being deployed or defined to improve the security of the email ecosystem. In Part 1, we wrote about using Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to authenticate the sending mail server. Part 2 described how Domain-based Message Authentication, Reporting and Conformance (DMARC) is used to provide clear guidelines for the treatment of mail that fail SPF and/or DKIM authentication.

In this post, we’ll touch on two topics that are mature works in progress in the IETF, the technical standardization organization that has brought us so much of the protocols that govern the internet. The first technology is Authenticated Received Chain (ARC), defined to handle the shortcomings of SPF and DKIM when used with mail forwarders or mailing lists. The second technology is about correcting the lack of security between Message Transfer Agents (MTA), and a solution to enforce strict transport layer security for SMTP message transfer between MTAs.

It’s worth reiterating again that all these technologies are building blocks, and only when used and deployed collectively by the entire ecosystem can we hope to create the barriers needed to thwart fake emails and mail surveillance by malicious actors.

Read the rest of this post »

Tags: ARC, dkim, DMARC, MTA, spf, ssl, STS
Posted in LuxSci Library: The Technical Side of Email
No comments »

DMARC: The State of Domain-based Email Authentication – Part 2

Monday, September 11th, 2017

Building a safer email ecosystem with DMARC

In our previous post, we described two techniques for authenticating an email sender:

  • Sender Policy Framework (SPF), IETF RFC 7208, which verifies if the sending MTA is indeed authorized to send mail on behalf of a domain; and
  • DomainKeys Identified Mail (DKIM), IETF RFC 6376, where a domain shows “ownership” of a mail it sends by signing portions of it so that critical aspects cannot be forged by intermediaries.

Like most technologies, these are just individual weapons in the arsenal for fighting phishing and spam. Weapons, like all tools, need to be properly used if they are to be effective. Unfortunately, as we described in the earlier post, both SPF and DKIM are deployed in a manner that reduces their usefulness. With SPF, the validation policy set by the sender is often chosen in a manner that leaves handling authentication failures at the discretion of the recipient. DKIM, on the other hand, does not even have an explicit policy directive set by the sender. Moreover, in a heterogeneous mail environment, some perfectly legitimate MTAs might not be capable of signing messages.

Building a safer email system with DMARC

Thus, receivers in actual deployments tend to “soft fail” any SPF and/or DKIM validation failures as there are reasonable situations when legitimate mail can fail such checks. A common example is forwarded mail (which fails SPF), or mail sent via a mailing list (which fails DKIM). Mail providers consider it better to deliver most mail (even if some are fake or spammy) rather than risk dropping legitimate mail. Thus, neither of these techniques individually or combined provide clear guidance to receivers, and the resulting actions can be inconsistent.

Read the rest of this post »

Tags: dkim, DMARC, Domain-based Message Authentication, DomainKeys Identified Mai, email, Reporting and Conformance, sender policy framework, spf
Posted in LuxSci Library: The Technical Side of Email
No comments »

Self-Addressed Spoofed Email: How to Shut Down Spam

Thursday, May 11th, 2017

Spam messages coming from… your own email? This may sound like a cheesy movie plot, but this form of spam, known as “spoofing,” can have horrifying consequences if they result in compromised security, stolen data, or malware on your company’s machines. Read on to find out how to snuff out spoofing and help everyone avoid these attacks in the future.

Forged Email

Read the rest of this post »

Tags: dkim, email, forged email, pgp, s/mime, SFP
Posted in LuxSci Library: The Technical Side of Email
No comments »

« Older Entries
Newer Entries »