DomainKeys Identified Email Becomes Standard

Posted by Robert Barclay 

The Internet Engineering Task Force has approved DomainKeys Identified Email (commonly known as DKIM) as a technical standard for email. This clears the way for emailers to implement DKIM and for ISPs to potentially use it to either block or allow email through their systems.

We actually think this is great news. It means that DKIM will eventually replace DomainKeys (DK) as the primary cryptography-based authentication standard. DKIM has some great advantages over DK, but for my money the biggest one is “third party signing,” meaning it allows a domain other than the “From:” domain to sign the messages. There are many cases where the person sending the mail doesn’t control the “From:” domain. Third party signing solves that problem, and as a result makes it much more likely that large companies can sign all their mail, even when sending is outsourced to an ESP.

So what’s a mailer to do?

You don’t have to move to DKIM right away – the major ISPs aren’t using it yet. Yahoo! and Gmail appear to still use DK. However, we expect them to add support for DKIM soon. So get ready:

1. Make sure you have a Mail Transfer Agent (MTA) that’s capable of signing mail. If you don’t, get a new one. There are a lot of great open source MTAs and commercial MTAs that can do this. If you aren’t signing with DK today we strongly recommend that you do.

2. Make sure you know which domains you want to sign and where all the mail for those domains is being sent from. Note: you should be signing all mail from domains that look like they come from you. Failing to do so is a big mistake that we see emailers making all the time. Ask yourself, “What domains are most closely tied to my brand?” and “What domains would cause the most harm if they were spoofed?” If you don’t sign some of your emails you are leaving a huge opening for phishers. It’s a little like having a fancy alarm system on every door in the house and then leaving the back door wide open. If you aren’t going to lock everything down it’s almost not worth bothering.

3. If you aren’t already convinced, authenticate! As George Bilbrey wrote last month, authentication is crucial to making email better and safer for all. It’s not a panacea for deliverability, but it is still a very important part of keeping your email infrastructure in good working order. If you need help with current authentication standards, check out our step-by-step guide.
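The inventory in step 2 can be checked against real traffic by reading the `d=` tag of each `DKIM-Signature` header and comparing it with the “From:” domain. The script below is an added example, not code from this post or from any MTA. The sample messages, the `brand.example` and `esp.example` domains, and the function names are constructed for illustration, and it only inspects headers without verifying signatures.

```python
from collections import Counter, defaultdict
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); all domains and values are placeholders.
SIG = ("DKIM-Signature: v=1; a=rsa-sha256; d={d}; s=sel1;\n"
       "\th=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n")
SAMPLES = [
    "From: News <news@brand.example>\n" + SIG.format(d="brand.example") + "Subject: a\n\nbody\n",
    "From: Offers <offers@brand.example>\n" + SIG.format(d="esp.example") + "Subject: b\n\nbody\n",
    "From: Billing <billing@brand.example>\nSubject: c\n\nbody\n",
    "From: Shop <orders@shop.brand.example>\n" + SIG.format(d="brand.example") + "Subject: d\n\nbody\n",
]

def parse_tags(header_value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in header_value.split(";"):
        name, sep, value = part.partition("=")   # first "=" only; base64 may contain "="
        if sep:
            tags[name.strip()] = "".join(value.split())  # drop header folding whitespace
    return tags

def classify(raw_message):
    """Return (from_domain, status, signing_domains) for one message."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signers = [parse_tags(v).get("d", "").lower() for v in msg.get_all("DKIM-Signature", [])]
    signers = [d for d in signers if d]
    if not signers:
        return from_domain, "unsigned", []
    # Assumption of this example: d= equal to the From: domain, or a parent of it,
    # counts as first-party; any other d= is third-party signing.
    if any(from_domain == d or from_domain.endswith("." + d) for d in signers):
        return from_domain, "first-party", signers
    return from_domain, "third-party", signers

def coverage(messages):
    """Count statuses per From: domain so unsigned mail streams stand out."""
    report = defaultdict(Counter)
    for raw in messages:
        domain, status, _ = classify(raw)
        report[domain][status] += 1
    return {domain: dict(counts) for domain, counts in report.items()}

if __name__ == "__main__":
    for domain, counts in sorted(coverage(SAMPLES).items()):
        print(domain, counts)
```

Any “From:” domain with a non-zero `unsigned` count is a mail stream that still needs to be brought under signing.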


About Robert Barclay

Robert has spent the majority of his career building data products for marketing clients. He has worked at Return Path for the last 13 years and at Experian and several other email service providers prior to that. Among his many roles in that time, he has been a Product Manager, a Software Developer, and a Data Scientist. Robert now focuses his work on R&D efforts to find new ways to help clients improve their email programs and make better use of the vast amounts of data available to them.
