DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect email spoofing by allowing the receiving party to verify with the sending party that the email actually originates from their domain.
Questions tagged [dkim]
65 questions
3
votes
2 answers
DMARC policy result when exactly one of SPF and DKIM fails and exactly one succeeds
E-mail forwarding can break SPF, but it should not break DKIM. I want to make a DMARC policy that will evaluate to "pass" when either DKIM or SPF passes, and "fail" when neither DKIM or SPF passes. Is this possible? If so, how is this done?
I'm…
jornane
- 415
- 2
- 14
3
votes
1 answer
Understand DMARC report before starting quarantine
I work for a small company. We have lot of IP black listed because of spamming.
We decided to setup dmarc for our mail server. This has been setup and is working correctly.
The issue now is that in the report, few record pass dmarc policy and…
dmx
- 227
- 3
- 8
3
votes
1 answer
Dmarc: Why do I have dkim=fail, spf=fail and result=pass
I have set up my company dmarc. It is in test mode and I regularly receive reports. Some seem weird to me and I would like to understand. For example, I have received a report with SPF and dkim failed, but the result is passed. I would like to go…
dmx
- 227
- 3
- 8
3
votes
1 answer
How to read dmarc record for a report?
I have a dmarc file containing some record. I am bit surprised by the result and I would like to make sure I am reading it correctly.
Here is the record:
1.2.3.4
1
…
dmx
- 227
- 3
- 8
3
votes
1 answer
Are high levels of email spam normal?
I have got my SPF, DKIM & DMARC records correctly setup and I have started using a DMARC analysis service.
One thing I have noticed is the volume failures. For example, in the last 3 days I have had 16,000 without correct SPF & DKIM.
I am confidant…
Ashley Medway
- 131
- 4
3
votes
2 answers
Why do email that didn't pass SPF checks go to my mailbox?
I tried a website that supposedly sends spoofed email. I sent myself an email impersonating another email address and the message showed up in my yahoo mailbox even though according to the headers it did not pass the spf check because the server…
miguel
- 133
- 1
- 4
3
votes
2 answers
PGP Key Signing Robot DKIM Verified Emails
It occurred to me that DKIM verified emails, from major players (e.g., GMail), could open the door to more modern OpenPGP robot key signing authorities.
The idea would be to ask people to send a key singing request to a known address (e.g.,…
afourney
- 419
- 3
- 11
2
votes
2 answers
DMARC report for mails I didn't send
I set up DKIM, DMARC and SPF on my domain/server a few years ago, and never touched it again since then.
Here are my DNS records (my domain is mydomain.com and my IP addresses are 1.1.1.1 and 2001::1):
mydomain.com. 0 TXT "v=spf1 mx a ptr…
Foo
- 23
- 3
2
votes
1 answer
Why do we need DKIM to be used along with S/Mime?
S/Mime can be used to encrypt email and it can also be used by the sender to provide his digital signature so that the recipient is able to confirm the authenticity of the sender.
Why then do we still need to have DKIM implemented on top of S/Mime…
Akash sharma
- 23
- 1
- 4
2
votes
1 answer
Is it safe to post the output of Linux dig (DNS) commands?
I need help debugging/troubleshooting a DNS/DKIM issue over on ServerFault, but it looks like I need to paste the results of running:
dig my-dns-record.example.com CNAME
...where my-dns-record.example.com is a placeholder for my actual domain…
smeeb
- 689
- 6
- 11
2
votes
1 answer
How can I prove that mail sent was NOT caused by the newly deployed DMARC policy?
I understand that by publishing an initial p=none policy, you basically instruct recipients that participate in DMARC to NOT treat incoming mail any different than how they did before a DMARC policy was published.
Regardless of the DMARC alignment…
pescator
- 51
- 3
2
votes
1 answer
DMARC annoyances
I've recently setup a mail server, which will be handling email for multiple people and domains. Appropriate SPF, DKIM, DMARC and ADSP records have been added, yet I'm getting something confusing:
Authentication-Results: mx.google.com; spf=pass…
Cydnie-Naomi
- 21
- 1
1
vote
1 answer
What’s the purpose of an invalid wildcard DKIM record?
Microsoft and GOV.UK recommend creating a record like the following on any domain that doesn’t send email.
TXT *._domainkey v=DKIM1;p=
As I understand it, the purpose is to explicitly fail DKIM, rather than leaving open the possibility that…
twhb
- 111
- 2
1
vote
0 answers
SPF fail, DKIM pass, where did the emails originate from
I have been a victim of a fraud where my solicitor's email address was used to dupe me out of a house purchase deposit. How do I determine where the emails originated from - did the crooks use emails from my inbox (hotmail) that somehow got…
Claire
- 11
- 1
1
vote
2 answers
SPF, DKIM and DMARC - How do receiving/recipient mail servers know how and when to validate the mail?
I have spent a bit of time researching SPF, DKIM and DMARC mechanisms however If I understand correctly, these help the recipient to confirm whether the domain is legitimate but only if they have these mechanisms configured correctly and…
Chaplin
- 13
- 3