Do you offer DKIM signing and support?
Yes - we do offer a function to DKIM sign your emails.
What is DKIM signing?
DKIM (DomainKeys Identified Mail) allows email senders to 'sign' their messages and for recipients to be able to 'verify' that those messages are genuine. It is mainly designed to reduce spoofing / faking of the senders email addresses or message content - it does not automatically guarantee delivery but it can improve deliverability.
Email messages signed with DKIM would include a 'DKIM-Signature' field in the header - this is essentially a cryptographic signature of various parts of the message. When the recipients email system receives the message it would decrypt this signature using the senders 'public key' which is published as part of the senders DNS record.
What parts of the message do you sign?
We DKIM sign the following elements of each message:
- Header From Address
- Header To Address
- Header Reply-To Address
- Header Subject Line
- Header Message ID
- Message Body (including attachments)
IMPORTANT: As per the RFC / DKIM standards it is very important that you only include one of the above in each message. If you include duplicate header fields (i.e. Multiple 'To:' header fields) we will only sign the last one, all others with be ignored and your message may fail DKIM verification upon delivery.
Do you use a shared DKIM key?
No - we issue a unique DKIM key for each domain name so your DKIM reputation cannot be affected by other senders.
Will this affect email I send from my domain name via other providers or servers?
No - the DKIM key uses a AuthSMTP specific 'selector' and the signing will only apply to messages sent via your AuthSMTP account.
How do I enable DKIM signing on my account?
DKIM is enabled on a per domain basis - to enable DKIM on your domain names please login to the control panel and go to 'Advanced Config' -> 'DKIM Signing'.
What if I sign the messages myself?
When sending emails via AuthSMTP you can use DKIM compliant email applications / libraries to pre-sign your email messages before sending them to us. If doing this we recommend you check which parts of your messages need signing and test fully before using in a production environment.
Emails sent through AuthSMTP with DKIM signatures already in place will pass though unmodified even if you ask us to DKIM sign the messages.
For more (specific) information on DKIM see the official DKIM Website.
What can go wrong?
The following common issues will prevent your messages from being signed (but not limited to):
- If we enable DKIM signing on your account and then you DKIM sign the messages yourself before submitting them to us we will not resign them again, they will just pass though unmodified.
- DKIM signed messages must be sent using 7-bit encoding, messages sent using 8-bit encoding may be processed incorrectly and result in DKIM verification failure.
- If for any reason the DKIM key is removed from your domain names DNS after the initial setup your messages will continue to be signed but will fail DKIM verification, this may result in your messages being rejected or filtered to a spam folder.
- Our systems have a number of redundancy features in place that trigger in the event of an outage or extreme spike in mail flow / resource usage, in the event of certain types of issues we may not DKIM sign messages in order to preserve the flow of email. This is unlikely, but a necessary requirement in order to maintain service availability.
Is there any other recommendations when sending DKIM signed messages?
Yes - there is a number of other best practices when sending DKIM signed messages:
- Setup an SPF record for your domain name.
- Setup a DMARC record for your domain name.
- Ensure that your message content is standards compliant and does not include anything that may trigger spam filters.
If you have any questions please contact us.