DKIM Email record

0

I have added a DKIM record to my website's DNS via my control panel.

When I send an email from Thunderbird and test the signature, the SPF and DMARC show fine. They do not seem to find a DKIM record for the email.

I was wondering if anyone could help me with this? I have added the public key to the DNS, however, have nowhere to store the private key. The site I used to create the DKIM record (dkimcore.org) apparently stores the private key on their servers.

Can anyone give advice on how to have my DKIM show when sending emails through Thunderbird?

SupGen

Posted 2019-06-06T18:57:23.877

Reputation: 123

What email system do you use and did you configure it to add the DKIM header correctly to your outgoing mail? – StarCat – 2019-06-07T09:50:39.360

@StarCat I am quite new to this so forgive me if I go round in circles with my explanations :-). My emails go through 1&1 Ionos webmail and I use Thunderbird as my email client – SupGen – 2019-06-07T19:30:52.503

@StarCat I have just found, after various phone calls, that 1&1 Ionos do not support DKIM Records in their webmail... My record is shown when I do a test for the specific selector that I have set in the DNS but it does not seem to show when I send emails, which has left me confused... They say they offer DMARC as an alternative which I have also set up. Is DMARC a comparable alternative for verifying emails? – SupGen – 2019-06-07T19:36:31.573

Answers

2

it does not seem to show when I send emails

Well, you don't have anything which would add it.

SPF and DMARC records are self-contained; they only indicate some policy and do not change the message itself. DKIM works differently: it requires that the "sending" mail server actually sign the message using the private key and attach the signature as a header. (It's similar to PGP signatures, but usually done by the server, not by the mail app.)

So you must put the private key on the mail server. If you've found out that 1&1 doesn't support custom DKIM keys, your only other option is to run your own SMTP server for Thunderbird; make it sign messages with the DKIM key; then (probably) relay them to 1&1's SMTP server for actual delivery to the recipient.

(The 'relay to 1&1' part isn't strictly required, but it'll let you avoid additional hassle of trying to earn spamfilters' trust.)

DMARC is not a direct alternative to DKIM. It's a policy record that makes the verification of existing DKIM and SPF data a bit stricter (e.g. requiring all domains to match), but does not actually provide the digital signatures themselves.

(Perhaps the provider is confusing DMARC with ARC? The latter is a derivative of DKIM with more features, but is currently very rare outside of Gmail.)

user1686

Posted 2019-06-06T18:57:23.877

Reputation: 283 655

Thank you for your reply. Setting up my own email server sounds good, however, in the meantime, I might be best looking for a different email provider. Is there any you know of that would allow me to register my own DKIM private key which will relay to 1&1 so that all my email addresses are preserved in their current state? – SupGen – 2019-06-07T20:10:02.530
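The distinction drawn in the answer above (a published key versus a message that is actually signed) can be checked on a sent message. The following is an added example, not part of the original thread: a Python sketch that looks for a `DKIM-Signature` header in a raw message, derives the DNS name a verifier would query from its `d=` and `s=` tags, and checks strict alignment with the From domain. The sample messages, the selector `sel1` and the `example.com` / `example.net` domains are constructed, and no signature is cryptographically verified.

```python
from email import message_from_string
from email.utils import parseaddr

def parse_tags(value):
    """Parse a DKIM tag=value list (RFC 6376, section 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def dkim_report(raw_message):
    """List the DKIM signatures on a message and where their keys would live."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signatures = []
    for header in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(header)
        d, s = tags.get("d", "").lower(), tags.get("s", "")
        signatures.append({
            "d": d,
            "s": s,
            # Verifiers fetch the public key from this TXT record.
            "dns_name": f"{s}._domainkey.{d}",
            # Strict DMARC alignment (adkim=s): d= must equal the From domain.
            "aligned_strict": bool(d) and d == from_domain,
        })
    return {"from_domain": from_domain, "signatures": signatures}

def diagnose(raw_message):
    report = dkim_report(raw_message)
    if not report["signatures"]:
        return "unsigned: the sending server added no DKIM-Signature header"
    names = ", ".join(sig["dns_name"] for sig in report["signatures"])
    return f"signed: verifier will look up {names}"

# Constructed sample: a message relayed by a server that does not sign.
UNSIGNED = (
    "From: Alice <alice@example.com>\n"
    "To: bob@example.net\n"
    "Subject: test\n"
    "\n"
    "hello\n"
)
# Constructed sample: the same message with a (placeholder) signature header.
SIGNED = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;\n"
    " h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
) + UNSIGNED

if __name__ == "__main__":
    print(diagnose(UNSIGNED))
    print(diagnose(SIGNED))
```

Run against the source of a received copy of the message (in Thunderbird, View > Message Source), an "unsigned" result means the DNS record is never consulted, whatever a selector lookup tool reports.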