What is the DKIM system and how does it work?

mailrelay, Invited guest @ Mailrelay

The DKIM (DomainKeys Identified Mail) system originates from the DomainKeys system first developed by Yahoo as a way for the recipient to validate an email, verifying that its origin really is the sender that appears in the email's header.

This system is not really designed specifically to fight spam; it is an authentication technology. But it is used for this purpose because it determines whether email addresses are “legitimate” or not. In fact, if everyone used DKIM, email servers could discard any message not identified by the DKIM system as authentic, or at least those from sending domains used illegally by spammers to seem more legitimate. Spammers could continue sending from their own domains, but they would quickly end up on spam lists. For this reason, this system is very useful in the fight against phishing.

How does it work?

DKIM adds a header to the message containing a digital signature of the message’s content. In other words, the signature is unique for each body and set of headers. When an email is sent, the recipient server queries the DNS of the sending domain and, if a DKIM signature is configured for the domain in the “From” field, it obtains the domain’s public key and uses it to decipher the data in the signature header field and recalculate the value of the signature of the message (headers and body) that it has received.

These two values must be the same for the message to be considered authentic. This makes DKIM a data integrity system that verifies the authenticity of the message end to end (from a signing module to a validating module), which gives DKIM advantages over other systems used to avoid unwanted email, like SPF, since it makes sender fraud more difficult.

DKIM has some inherent disadvantages in how it functions, like the consumption of server resources (it implies encryption and decryption operations for each email, on the sending server as well as the receiving server) or the problem of email content being modified in transit (which invalidates the signature generated from the content), but these problems are being resolved and DKIM is being used more and more frequently. It enormously improves the reputation of domains that implement it to send their email messages. For this reason, we recommend that Mailrelay users configure it.

How do you configure the DKIM system for use with Mailrelay?

If you are a user of the Enterprise version (DKIM is not included in the standard version), make a request to Mailrelay to activate the system.

Then contact your domain administrator or webmaster and inform them that in your sending domain, for example yourdomain.com, they need to create the following sub-domain, connected to this sending domain:

dkim._domainkey.yourdomain.com

and configure the following TXT record on it (all on a single line, with no breaks):

k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDSAHkvh8dRCsiMTud+hfC+MX2MgmO8PQHHcGxoim7mI+FhgOiOS5WgBUpZsZ60M2eLhBbJkMFLjC1OS0xDf9suh+Tl4tVirMXnWIS+zrR1xLX15/ItB7+x8FG4HHR5aD8BB4OHCTk3WjzF5YU/KFx0riP/wsU7Z5XRK6OwwNcCTQIDAQAB;

To check that it is configured correctly, you simply need to send a test email from Mailrelay, using the sending domain for which you have created the sub-domain and TXT record, to a Gmail or Yahoo address, and select the option to show the message headers. In the headers of the message, you should see dkim=pass
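The TXT value can also be checked offline before it is published, which catches the usual copy-and-paste failures (a key cut short, a broken base64 string) without waiting for a test email. The following Python sketch is an added example, not Mailrelay's own tooling; the function names are hypothetical, and the 2048-bit default threshold is an assumption taken from the RFC 8301 recommendation for RSA signing keys.

```python
import base64
# TXT value exactly as printed on this page.
PAGE_RECORD = ("k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDSAHkvh8dRCsiMTud+hfC+"
               "MX2MgmO8PQHHcGxoim7mI+FhgOiOS5WgBUpZsZ60M2eLhBbJkMFLjC1OS0xDf9suh+Tl4t"
               "VirMXnWIS+zrR1xLX15/ItB7+x8FG4HHR5aD8BB4OHCTk3WjzF5YU/KFx0riP/wsU7Z5XR"
               "K6OwwNcCTQIDAQAB;")

def parse_tags(txt):
    """Split a DKIM key record ("k=rsa; p=...") into a tag -> value dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop stray whitespace
    return tags

def der_read(buf, pos):
    """Read one DER element at pos; return (tag, content_start, content_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def rsa_params(spki):
    """Return (modulus_bits, exponent) from a DER SubjectPublicKeyInfo."""
    _, p, _ = der_read(spki, 0)       # outer SEQUENCE
    _, _, p = der_read(spki, p)       # skip AlgorithmIdentifier
    _, p, _ = der_read(spki, p)       # BIT STRING wrapping RSAPublicKey
    _, p, _ = der_read(spki, p + 1)   # skip unused-bits byte, enter SEQUENCE
    _, s, e = der_read(spki, p)       # INTEGER modulus
    bits = int.from_bytes(spki[s:e], "big").bit_length()
    _, s, e = der_read(spki, e)       # INTEGER public exponent
    return bits, int.from_bytes(spki[s:e], "big")

def check_record(txt, min_bits=2048):
    """Return a list of problems with a DKIM key record (empty list = none)."""
    tags = parse_tags(txt)
    if tags.get("k", "rsa") != "rsa":
        return ["k=%s is not handled by this check" % tags["k"]]
    if not tags.get("p"):
        return ["p= is missing or empty (an empty p= marks the key as revoked)"]
    try:
        bits, _ = rsa_params(base64.b64decode(tags["p"], validate=True))
    except (ValueError, IndexError) as err:
        return ["p= is not a valid base64 RSA key: %s" % err]
    return [] if bits >= min_bits else ["RSA key is only %d bits" % bits]
```

Run against the record printed above, `check_record(PAGE_RECORD)` reports a 1024-bit key; passing `min_bits=1024` accepts it.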
