DomainKeys Identified Email Becomes Standard

The Internet Engineering Task Force has approved DomainKeys Identified Email (commonly known as DKIM) as a technical standard for email. This clears the way for emailers to implement DKIM and for ISPs to potentially use it to either block or allow email through their systems.

We actually think this is great news. It means that DKIM will eventually replace DomainKeys (DK) as the primary cryptography-based authentication standard. DKIM has some great advantages over DK, but for my money the biggest one is “third party signing,” meaning it allows a domain other than the “From:” domain to sign the messages. There are many cases where the person sending the mail doesn’t control the “From:” domain. Third party signing solves that problem, and as a result makes it much more likely that large companies can sign all their mail, even when it is outsourced to an ESP.

So what’s a mailer to do?

You don’t have to move to DKIM right away – the major ISPs aren’t using it yet. Yahoo! and Gmail appear to still use DK. However, we expect them to add support for DKIM soon. So get ready:

1. Make sure you have a Mail Transfer Agent (MTA) that’s capable of signing mail. If you don’t, get a new one. There are a lot of great open source MTAs and commercial MTAs that can do this. If you aren’t signing with DK today we strongly recommend that you do.

2. Make sure you know which domains you want to sign and where all the mail for those domains is being sent from. Note: you should be signing all mail from domains that look like they come from you. Failing to do so is a big mistake that we see emailers making all the time. Ask yourself, “What domains are most closely tied to my brand?” and “What domains would cause the most harm if they were spoofed?” If you don’t sign some of your emails you are leaving a huge opening for phishers. It’s a little like having a fancy alarm system on every door in the house and then leaving the back door wide open. If you aren’t going to lock everything down it’s almost not worth bothering.

3. If you aren’t already convinced, authenticate! As George Bilbrey wrote last month, authentication is crucial to making email better and safer for all. It’s not a panacea for deliverability, but it is still a very important part of keeping your email infrastructure in good working order. If you need help with current authentication standards, check out our step-by-step guide.
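To make the inventory in step 2 concrete, here is an added example (not from the original post) that sorts sample mail by whether it carries a DKIM signature from the “From:” domain, from a third-party domain such as an ESP, or none at all. It reads the `d=` tag of each `DKIM-Signature` header using Python's standard `email` package and does not verify the signature cryptographically; the messages, domains and selectors are constructed placeholders.

```python
import email
from email.utils import parseaddr

# Constructed sample messages; example.com / esp.example.net are placeholders.
SIG = "DKIM-Signature: v=1; a=rsa-sha256; d={d}; s=sel1;\n h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
SAMPLES = {
    "newsletter": "From: News <news@example.com>\n" + SIG.format(d="example.com") + "Subject: a\n\nbody\n",
    "via-esp": "From: Offers <offers@example.com>\n" + SIG.format(d="ESP.example.net") + "Subject: b\n\nbody\n",
    "receipt": "From: billing@example.com\nSubject: c\n\nbody\n",
}

def signing_domains(msg):
    """Return the d= (signing domain) of every DKIM-Signature header."""
    domains = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = {}
        # Drop folding whitespace, then split the tag=value list on ';'.
        for part in "".join(value.split()).split(";"):
            name, sep, val = part.partition("=")
            if sep:
                tags[name] = val  # DKIM tag names are case-sensitive
        if "d" in tags:
            domains.append(tags["d"].lower())  # domain names are not
    return domains

def classify(raw):
    """Return (from_domain, status) for one raw message.

    status is 'first-party' if any signature's d= equals the From: domain
    exactly, 'third-party' if signed only by other domains, else 'unsigned'.
    """
    msg = email.message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signers = signing_domains(msg)
    if not signers:
        return from_domain, "unsigned"
    if from_domain in signers:
        return from_domain, "first-party"
    return from_domain, "third-party"

def audit(raw_messages):
    """Count statuses per From: domain so unsigned mail streams stand out."""
    report = {}
    for raw in raw_messages:
        domain, status = classify(raw)
        counts = report.setdefault(domain, {})
        counts[status] = counts.get(status, 0) + 1
    return report

if __name__ == "__main__":
    for domain, counts in audit(SAMPLES.values()).items():
        print(domain, counts)
```

Any domain that shows an `unsigned` count is a mail stream still sending without a signature.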
