A while ago someone came to me, asked if I can add DKIM so his company is not identified as a spammer. In a way, yes but in another way is a no. Why do I say so?
DKIM is easy to advertise in the zone records nowadays. Many popular control panels have such ability to publish whether your DNS is hosted on the same server or just copy them into your DNS hosted elsewhere. Whichever the case, DKIM allows you to sign an outgoing email is to match with the public key you have advertised in the public DNS, to tell others it is sent by real me.
DKIM is one of the best methods to identify email is spoofed, impersonating a person in the organization. Here’s the catch, only the authorized mail server signed that email. If you are using another email server signed with different keys, it will cause a failure if DKIM of your recipient mail server is validating DKIM.
2 things, if your recipient mail server is not checking on DKIM or no action is taken. The real sender email account has been compromised. For these cases, how can DKIM protect your organization?
A few years back, I still telling many to use SPF to prevent outgoing email domain spoofing. For today, it is more than SPK record, DKIM & DMARC have become a must to prevent email domain spoofing and enhance your email delivery.
However, many still do not have these in their DNS records or just SPF. I personally think this is the moment to have all these 3 if you have not published them for your domain.
There are just too many spam, scam and phishing emails out there. Many email server administrators have tightened their email security, while this filtering rule is tighter, missing records on your domain DNS can be caused delivery failure if they are verifying, also receiving more spam emails.
Thus, it is important to implement all these three items. Modern control panels like cPanel or Plesk is just a few clicks away to seitch on SPF and DKIM. For DMARC, just Google and it is not difficult to have one too.
Hope this article is useful to our readers. We discuss a few things you must do to ensure before sending emails to someone.
These are common mistakes from many. Even for the service providers, it is common to find these mistakes for those incoming emails.
I’m listing them here and you can check if you have done these or you should you quickly rectify them.
a. Find out your SMTP Mail server IP address, It is important to know which IP address your emails are sending out from.
b. Once you know the outbound IP address. Go to MXtoolbox https://mxtoolbox.com/blacklists.aspx to check if your outbound IP address is blacklisted by the popular RBLs.
Make sure your IP address is not blacklisted, otherwise your emails might be rejected at your recipients’ mail server.
c. Now, we make sure this outbound is listed in the DNS SPF record using this tool https://mxtoolbox.com/spf.aspx.
d. PTR record or rDNS on your outbound IP address. Using this https://mxtoolbox.com/ReverseLookup.aspx
e. You can enhance your email delivery by adding DKIM. DKIM is a kind of signature acts as the emails are sent by the sender via the permitted mail server. Most tools online are not friendly for the layman. Just write to our support team with the email address you want to check, our engineers will find out for you.
f. DMARC – This is yet widely practised and this will not work if your recipient’s mail server does not do a DMARC check. DMARC prevents spoofing and phishing like you have SPF, DKIM or both. DMARC does a bit more, like sending reports and action published in the DMARC record.
We encourage domain to publish DMARC and the above to protect your business and brand.