So after being alerted to the existence of DKIM by this article posted on HackerNews I wanted to implement it immediately on my server. DKIM is DomainKeys Identified Mail, a crypto signing protocol where a pub key sits in your DNS and your mail servers sign your mail as it passes through your server. Seems a little stronger than SPF from a few years ago for authenticating mail’s origin so I was keen to adopt it.
So I found the freshest instructions on the Gentoo wiki and followed them. They were a bit spartan so I went looking for a bit more material and found this Ubuntu tutorial which had some helpful suggestions like the testing section.
After giving the OpenDKIM instructions a first run through I gave the testing a try.
First using dkimcore.org/tools/ I found that the Gentoo OpenDKIM config tool had spat out invalid TXT. It had spat out
And after some quick internet consultation I found out I needed to fix it to
v=DKIM1; k=rsa; p=MIGfM.....
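An added example, not from the original post or from OpenDKIM: a Python check of the key-record syntax shown above (`v=DKIM1; k=rsa; p=...`), following the tag rules of RFC 6376. It goes slightly beyond the post by also accepting zone-file rdata split into several quoted strings; the function names and `SAMPLE_P` (a constructed placeholder, not a real key) are assumptions.

```python
import base64
import binascii
import re

# Constructed placeholder with the DER prefix of a 1024-bit RSA key; not a usable key.
SAMPLE_P = base64.b64encode(b"\x30\x81\x9f" + bytes(159)).decode()

def join_txt_strings(rdata):
    """Join the quoted chunks of zone-file TXT rdata; pass bare text through."""
    chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
    return "".join(chunks) if chunks else rdata.strip()

def check_dkim_key_record(rdata):
    """Return a list of problems in a DKIM key record (empty list: well-formed)."""
    problems, tags = [], []
    for part in join_txt_strings(rdata).split(";"):
        if not part.strip():
            continue  # a trailing ';' is allowed
        name, sep, value = part.partition("=")
        if sep:
            tags.append((name.strip(), value.strip()))
        else:
            problems.append(f"not a tag=value pair: {part.strip()!r}")
    names = [n for n, _ in tags]
    values = dict(tags)
    if len(names) != len(values):
        problems.append("duplicate tag")
    if "v" in values and (names[0] != "v" or values["v"] != "DKIM1"):
        problems.append("v= must be the first tag and equal DKIM1")
    algo = values.get("k", "rsa")  # k= defaults to rsa when absent
    if algo not in ("rsa", "ed25519"):
        problems.append(f"unknown key type k={algo}")
    if "p" not in values:
        problems.append("missing required p= tag")
    elif not values["p"]:
        problems.append("p= is empty, which marks the key as revoked")
    else:
        try:
            der = base64.b64decode(re.sub(r"\s+", "", values["p"]), validate=True)
            if algo == "rsa" and der[:1] != b"\x30":
                problems.append("p= does not decode to a DER SEQUENCE")
        except binascii.Error:
            problems.append("p= is not valid base64")
    return problems

if __name__ == "__main__":
    for rdata in (f"v=DKIM1; k=rsa; p={SAMPLE_P}", "v=DKIM1; k=rsa; p=MIGfM....."):
        print(rdata[:40], "->", check_dkim_key_record(rdata) or "ok")
```

The second sample is the record exactly as elided in the post, so it is reported as invalid base64; paste the full `p=` value from your own zone to check a real record.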
The second test from the Ubuntu docs was an auto-respond test email system, from which (along with Wikipedia) I learned about ADSP. So I added
_adsp._domainkey.mindstab.net. IN TXT "dkim=discardable"
to my Bind config as well. (I’m still not 100% about the final ‘.’). Also it seems the autoresponder email tool doesn’t update its DNS too often so I may have to wait a bit to retest.
So now it seems I should have DKIM signed/valid email! :) Just another step to make sure my email is valid, slightly less spoofable and liked/accepted by the big email providers.
Also, seeing results like this from Gmail after receiving my email seems good:
Received-SPF: pass (google.com: domain of email@example.com designates 184.108.40.206 as permitted sender) client-ip=220.127.116.11;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of firstname.lastname@example.org designates 18.104.22.168 as permitted sender) email@example.com; dkim=pass firstname.lastname@example.org