So after being alterted to the existence of DKIM by this article posted on HackerNews I wanted to implement it immediatly on my server. DKIM is Domain Keys for Identified Mail, a crypo signing protocol where a pub key sits in your DNS and your mail servers sign your mail as it passes through your server. Seems a little stronger than SPF from a few years ago for authenticating mail’s origin so I was keen to adopt it.

So I found the freshest instructions on the Gentoo wiki and followed them. They were a bit spartan so I went looking for a bit more material and found this Ubuntu tutorial which had some helpful suggestions like the testing section.

After giving the OpenDKIM instructions a first run through I gave the testing a try.

First using dkimcore.org/tools/ I found that the Gentoo OpenDKIM config tool had spat out invalid TXT. It had spat out

v=DKIM1;=rsa; p=MIGfM......

And after some quick internet consultation I found out I needed to fix it to

v=DKIM1; k=rsa; p=MIGfM.....

The second test from the Ubuntu docs was an auto-respond test email system that along with wikipedia I learned about ADSP from. So I added

_adsp._domainkey.mindstab.net. IN TXT "dkim=discardable"

to my Bind config as well. (I’m still not 100% about the final ‘.’). Also it seems the autoresponder email tool doesn’t update its DNS too often so I may have to wait a bit to retest.

So now it seems I should have DKIM signed/valid email! :) Just another step to make sure my email is valid, slightly less spoofable and liked/accepted by the big email providers.

Also, seeing results like this from Gmail after receiving my email seems good:

Received-SPF: pass (google.com: domain of dan@mindstab.net designates 69.164.214.81 as permitted sender) client-ip=69.164.214.81;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of dan@mindstab.net designates 69.164.214.81 as permitted sender) 
  smtp.mail=dan@mindstab.net; dkim=pass header.i=@mindstab.net