DKIM/DomainKeys FAQ

 

The frequently asked questions below provide you with a good foundation for working with DKIM/DomainKeys. To go directly to the topic that explains how to set up and use DKIM/DomainKeys in ListManager, click here.

What is email authentication?

 

Email authentication is a way to ensure that email actually comes from whoever it claims to come from. It's a vital step in stopping spam, forgery, fraud, and even more serious crimes.

 

What is DKIM/DomainKeys?

 

DomainKeys is an email authentication system created by Yahoo. It gives email providers a mechanism for verifying both the domain of each email sender and the integrity of the messages sent (i.e., that they were not altered during transit). Since the actual domain can be verified, it can be compared to the domain claimed in the From: field of the message. If the sender is genuine, a profile can be established for that domain that can be tied into anti-spam policies. If the email is a forgery, it can be dropped, flagged or quarantined.

DKIM stands for "DomainKeys Identified Mail." It is an enhanced version of DomainKeys. (Learn more about the differences.)

 

DKIM/DomainKeys uses something called a digital signature. What is that?

 

A digital signature is a technology used to simulate the security properties of a handwritten signature in digital form. This is accomplished by creating a "private key," available on your outbound mail servers, and a matching "public key," which you publish in DNS. When you send email, your email system automatically uses the stored private key to generate a digital signature of the message which is then attached to the message. The receiving email system fetches the public key from DNS and uses it to verify that the signature was generated by the matching private key (or not).

 

How does DKIM/DomainKeys help with branding?

 

Preventing forged email helps you in a number of ways, including branding. Using DKIM/DomainKeys reduces the chance that someone will impersonate your domain and use it for fraudulent purposes, including "phishing attacks" -- the solicitation of personal information such as passwords, credit card numbers, etc.

 

How does DKIM/DomainKeys help with deliverability?

 

Using DKIM/DomainKeys doesn't guarantee that your email will bypass any spam filters on the receiving end, but if your recipients can confirm that the email truly came from you, and if they consider you someone of good reputation, they are more likely to receive and open your mail.

 

What are email "headers"?

 

Headers are pieces of information that get attached to email as it makes its journey from the sender, through various computers on the Internet, and on to the receiver. Here is an email that was sent from Yahoo; some of the more basic headers are outlined, including:

 

Date: the date the email was created.

From: who sent the email (supposedly).

To: who it's going to.

Subject: the subject line created by the originator of the email.

 

 

Why are headers important to DKIM/DomainKeys?

 

When you use DKIM and/or DomainKeys, additional headers are added to each email.

DomainKeys adds a header called DomainKeys-Signature.

DKIM adds a header called DKIM-Signature.

These headers contain digital signatures of the message which are generated using the stored private key described in the above section about digital signatures.

How do I use the "Header" field in ListManager?

 

You can learn more about it here.

What is the difference between the "From" header and the "Sender" header?

 

The From header contains the creator(s) of the message; the Sender header contains the mailbox of the agent responsible for the actual transmission of the message. In many instances, these are one and the same, in which case only the From header is used. There may be situations where these are two separate entities; for example, if a secretary were to send a message for another person, the mailbox of the secretary would be in the Sender header and the mailbox of the author(s) would appear in the From header. If there are two or more authors (and therefore two or more From mailboxes), the Sender header, with a single mailbox listed, must appear in the message.

 

How is this information about the From and Sender headers useful when using ListManager?

 

If the ListManager Internet Host Name domain of the site and the From domain match, ListManager includes the From header but not the Sender header in the digital signature. If the ListManager site name and the From domain are different, the Sender header is included.

 

I sent some mail and then viewed it in Outlook. In the From field, it said "From <address 1> on behalf of <address 2>." Since the email looks like it came from two different places, I'm concerned that recipients will view it suspiciously. What's going on?

 

This occurs in Outlook if you have a From header and a Sender header. Outlook interprets this as "From <Sender header> on behalf of <From header>."

 

If you are concerned about what your Outlook recipients will see, ensure that your outgoing mail only contains a From header, not a Sender header.

 

How can I ensure that my email only has a From header?

 

One solution would be to use an autoresponder. You can learn more about autoresponders here.

I sent a message and then opened it in Yahoo and looked at the headers. I'm pretty sure there should be a Sender header, but none is displayed. Why?

 

Yahoo does not display the Sender header, even when you view all headers.

I used the merge tag %%author.nameemail%% in the From: field in my message and my DomainKeys signing failed. What happened?

Your message merged an email address that was invalid. If a merge tag appears in the From: header, you must ensure that it represents a valid email address.

How can I test DKIM/DomainKeys?

 

Send a message to any Yahoo or Gmail account, and then view the headers. Yahoo uses DomainKeys; Gmail uses DKIM.

 

Does Yahoo require DKIM/DomainKeys for its Feedback Loop?

 

Yes. Contact your Yahoo representative for Feedback Loop applications.

 

When I open a typical email, I only see a few of the most basic headers. How do I view all headers in Yahoo / Outlook / Gmail?

 

In Yahoo:

1. Open the email.

2. In the lower right corner of the screen, click Full Headers.

 

 

In Outlook:

1. Open the email.

2. On the Toolbar, click View, and then click Options.

3. In the Message Options dialog, the headers are displayed in the Internet Headers section.

 

 

 

 

In Gmail:

1. Open the email.

2. At the top-right of the message pane, click the down arrow next to Reply.

3. Select Show Original.

 

 

I'm currently blocked / greylisted / tarpitted by Yahoo. How can I test my DKIM/DomainKeys without being able to see Yahoo headers?

 

You can get around this by using a free tool made by the Email Sender & Provider Coalition (ESPC).

 

http://senderid.espcoalition.org/

 

However, note that the ESPC tool may not validate DKIM/DomainKeys the same way Yahoo does.

What happens if I send a mailing for which DKIM/DomainKeys has been set up incorrectly?

See the topic "Failed Verifications and Warning Messages."

The From: field in my mailing contains a merge tag. Will DKIM/DomainKeys still validate it?

No; ListManager will not merge and then validate the domain. The mailing will be signed and sent out, but you must verify that the domains match.


Next: Setting Up and Using DKIM/DomainKeys in ListManager