Spam handling is an important part of protecting your mail address from abuse, and DKIM is one of the techniques that can help in that regard.
We have already discussed adding SPF to your domain. DKIM (DomainKeys Identified Mail) is another authentication technique that lets a receiver check whether an incoming mail was authorized by the owner of the domain. Thus, it helps to prevent spam and email forgery.
Through DKIM, the sending domain affixes a digital signature to all its outgoing mails. The signature is created with the domain's private key and added to the outgoing mail headers, and the matching public key is published in the domain's DNS records.
When the message is received, the receiver can retrieve the public key from DNS and verify the signature to find out whether the message really comes from the right domain.
Setting up DKIM authentication for your domain:
In Google Apps, you can set up the DKIM records in the easy steps below:
- Sign in to the admin console of your Google Apps domain.
- Go to: Apps > Google Apps > Gmail > Authenticate email.
- As the primary domain name appears by default, select the domain for which you want to generate the record.
- Click on “Generate New Record”.
- Let the default prefix be “Google” and click on “Generate”.
- Next, sign in to your domain registrar admin console and go to the DNS records.
- Create a new TXT record with the details received from the admin console. The DNS hostname should be entered in the 1st section and the TXT value in the 2nd.
- The record would be something like: “v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraC3pqvqTkAfXhUn7Kn3JUNMwDkZ65ftwXH58anno/bElnTDAd/idk8kWpslrQIMsvVKAe+mvmBEnpXzJL+0LgTNVTQctUujyilWvcONRd
- After adding the record, save it. Next, you would need to wait for a few hours for it to propagate.
- After 24 hours, turn on email signing in the Admin Console by clicking on “Authenticate Email” at Apps > Google Apps > Gmail.
- Select the domain from the list for which you want to turn ON DKIM. Now, click on “Start Authentication”.
Verifying DKIM implementation:
To verify that the DKIM implementation was successful for your domain, send a mail to a colleague or a test mail to yourself. Open the “Show original” view to see the header details. You should find the signature added to the headers.
Alternatively, you can send a mail to check-auth@verifier.port25.com from your address and get the results for both SPF and DKIM. If the result says “PASS”, you have successfully implemented it.
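The same checks can be done by hand. The following is an added example, not part of the original post or of Google's tooling: it derives the DNS name a receiver queries from a DKIM-Signature header and sanity-checks the published TXT value, catching a public key that was cut off when pasted into the registrar. The domain `example.com`, the selector `google`, and the key bytes are constructed placeholders; the length check is structural only and does not validate the key cryptographically.

```python
import base64
import binascii

def parse_tags(value):
    """Split a DKIM tag list ('a=b; c=d') into a dict, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())
    return tags

def key_record_name(dkim_signature):
    """DNS name the receiver queries: <selector>._domainkey.<domain>."""
    tags = parse_tags(dkim_signature)
    return f"{tags['s']}._domainkey.{tags['d']}"

def check_key_record(txt):
    """Return a list of problems found in a published DKIM TXT value."""
    tags, problems = parse_tags(txt), []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= must be DKIM1")
    if tags.get("k", "rsa") != "rsa":
        problems.append("this check only understands k=rsa")
    try:
        der = base64.b64decode(tags.get("p", ""), validate=True)
    except binascii.Error:
        return problems + ["p= is not valid base64 (truncated paste?)"]
    if len(der) < 4 or der[0] != 0x30:
        return problems + ["p= is empty or not a DER SEQUENCE"]
    # DER length: short form is one byte, long form is 0x80|n then n length bytes.
    n = der[1] & 0x7F if der[1] & 0x80 else 0
    body = int.from_bytes(der[2:2 + n], "big") if n else der[1]
    if 2 + n + body != len(der):
        problems.append(f"p= holds {len(der)} bytes, DER header declares {2 + n + body}")
    return problems

# Constructed sample data (placeholders, not a real signature or key).
SAMPLE_HEADER = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
                 " s=google; h=from:to:subject; bh=CONSTRUCTED; b=CONSTRUCTED")
FAKE_DER = bytes([0x30, 0x82, 0x01, 0x22]) + bytes(290)  # header of a 294-byte blob
GOOD = "v=DKIM1; k=rsa; p=" + base64.b64encode(FAKE_DER).decode()

if __name__ == "__main__":
    print(key_record_name(SAMPLE_HEADER))  # name to look up as a TXT record
    print(check_key_record(GOOD))          # complete record
    print(check_key_record(GOOD[:-8]))     # same record with the tail cut off
```

Paste the DKIM-Signature value from “Show original” and the TXT value returned by your DNS lookup in place of the samples.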
Spammers will have a hard time now. 😉