Highest Voted 'dkim' Questions - IT Security Stack Exchange

1

vote

1 answer

dkim passes under a different domain's dkim

I read that a SPF fail with DKIM pass means someone has forwarded an email with our domain name attached. I haven't sent any emails to this domain. Is this domain trying to send emails with my domain? Can I stop this behavior with a modification…

dkim spf dmarc

asked Jan 09 '19 at 14:52

euclid4

13
3

1

vote

1 answer

What's the use of DKIM/SPF if it only validates the Enveloppe From?

DKIM and SPF are mentioned as powerful mitigations for having your domain abused for phishing. But when I send a mail like this: Return-Path: From: Citibank security team Reply-To: Noreply…

phishing dkim

asked Dec 05 '18 at 11:11

jornane

415
2
14

1

vote

1 answer

Understanding DKIM validation

DKIM, as read by rfc4871, states to make address forgery more difficult besides protecting sender identity and integrity of the mail. I have been searching for the details, which precise validation step prevents From:-header spoofing, counting in…

dkim

asked Oct 19 '18 at 16:38

Toni

11
1

1

vote

1 answer

Is it bad to use DKIM DNS without signing mails?

Does it provide any trust at all to have DKIM set up correctly in my DNS but not sign any emails? I could not find any information about that. Now, if I send an email to a domain/server with DMARC set up, with policy=reject and adkim=strict, will…

email dns dkim dmarc

asked Jun 09 '18 at 09:49

Hannes

13
2

1

vote

1 answer

How to disable email for a subdomain without using SPF

I am working on a tool that checks SPF records, and would like a way to be able to disable email from a testing subdomain, and its children, so that my test domains are not easy targets for spammers to send from. I was planning on setting up the…

email email-spoofing dkim spf dmarc

asked Jan 20 '18 at 15:44

jrtapsell

3,169
15
30

1

vote

2 answers

SPF and DKIM passes for SPAM message when using SES and Google Mail

We have websites hosted on AWS, are using SES to send out mailings, and use Google Mail for sending and receiving company mail. Every so often I receive SPAM emails to my Priority Inbox in Google because they are marked as coming from our domain…

aws dkim spf google-apps

asked Nov 07 '17 at 16:28

Jordan Reiter

201
2
5

1

vote

2 answers

Could DKIM be used as a proof that an e-mail was sent by a given party?

For quite some time, I was wondering if there are ways I could record forms of communication with, say, Facebook servers and have a plausible proof that a specific event (such as receiving a private message with given contents) actually took places.…

dkim

asked Sep 03 '17 at 06:23

d33tah

6,524
8
38
60

1

vote

1 answer

Is there a passive way to verify DKIM implementations (on DNS level) without triggering an actual email event?

I wondered if there is a way to verify the correctness/validity of DKIM implementations without actually triggering an email event or sending an email to an external validator. So, remotely, on any domain. I was thinking about fetching the DNS TXT…

email digital-signature dns dkim

asked Aug 09 '17 at 21:35

Bob Ortiz

6,234
8
43
90

1

vote

1 answer

Verify senders of earlier emails in chain

I know that an emails' sender can be verified e.g. through DKIM. If I receive an email chain containing replies, forwards, etc. is there any way to verify the sender of other (earlier) emails in the chain?

email dkim dmarc

asked Feb 26 '17 at 20:21

anotherfred

113
4

1

vote

1 answer

Which Domain Validation category does DKIM fall under?

I know that the categories of domain validation are: Regular SSL Multi Domain Validation Wildcard Certificates Premium SSL But I am not sure under which of the above does DKIM falls.

certificates dkim

asked Nov 20 '16 at 02:19

Martin Godfrey

35
2

1

vote

2 answers

Is reverse DNS a must have to prevent emails delivered as spam?

I was considering setting up my own mail server and one of the things I've read about is that I must setup reverse DNS to do not get caught by a spam filter. Is that really a must? Aren't SPF and DKIM enough to prevent be labeled as spam?

email dns spam spf dkim

asked Nov 18 '16 at 10:42

The Illusive Man

10,487
16
56
88

1

vote

1 answer

Missing DKIM, but having digital signature, will this help mitigate ending up in spam folder?

According to this mail tester: https://www.mail-tester.com I am quite fine with sending emails from my domain's email info@vlastimilburian.cz According to this mail tester: http://mailtester.com/testmail.php I am also fine, regarding SPF. And…

email digital-signature dkim spf

asked Oct 18 '16 at 09:36

LinuxSecurityFreak

1,562
2
18
32

0

votes

1 answer

DKIM from another domain, how does it work?

I've recently started configuringn and using DMARC reports and I have the following question. How can the DKIM domain not be my domain (and pass)? I have the following report 185.53.XXX.XXX …

dkim dmarc

asked Sep 15 '22 at 11:12

mb14

103
3

0

votes

1 answer

How do SPF and DKIM work together prevent spoofing?

I'm trying to understand how SPF and DKIM can be used to prevent email spoofing. One of the things I find confusing is that the SSID/AUID of a DKIM signed message can be different from both the envelope From and header From. For example: Say I…

spf dkim

asked Sep 15 '22 at 04:40

jay.lee

103
3

0

votes

0 answers

DKIM/SPF What does it mean when policy_evaluated fails but auth_results passes?

I am trying to get the DKIM and SPF settings correct for a client who uses both GSuite and WordPress to send her emails. I added this dmarc: v=DMARC1; p=none; rua=mailto:l***@******ney.com; fo=1; adkim=r; aspf=r; (when I set the p to quarantine…

spam spf dkim dmarc

asked Aug 30 '22 at 23:27

OM4U

1

Questions tagged [dkim]