DomainKeys Identified Email Becomes Standard

The Internet Engineering Task Force has approved DomainKeys Identified Email (commonly known as DKIM) as a technical standard for email. This clears the way for emailers to implement DKIM and for ISPs to potentially use it to either block or allow email through its system.

We actually think this is great news. It means that DKIM will eventually become the replacement to DomainKeys (DK) as the primary cryptographic-based authentication standard. DKIM has some great advantages over DK, but for my money the biggest one is “third party signing,” meaning it allows a domain other than the “From:” domain to sign the messages. There are many cases where the person sending the mail doesn’t control the “From:” domain. Third party signing solves that problem, and as a result makes it much more likely that large companies can sign all their mail, even when outsourced to an ESP.

So what’s a mailer to do?

You don’t have to move to DKIM right away – the major ISPs aren’t using it yet. Yahoo! and Gmail appear to still use DK. However, we expect them to add support for DKIM soon. So get ready:

1. Make sure you have a Mail Transfer Agent (MTA) that’s capable of signing mail. If you don’t, get a new one. There are a lot of great open source MTAs and commercial MTAs that can do this. If you aren’t signing with DK today we strongly recommend that you do.

2. Make sure you know which domains you want to sign and where all the mail for those domains are being sent from. Note: you should be signing all mail from domains that look like they come from you. This is a big mistake that we see emailers making all the time. Ask yourself, “What domains are most closely tied to my brand?” and “What domains would cause the most harm if they were spoofed?” If you don’t sign some of your emails you are leaving a huge opening for phishers. It’s a little like having a fancy alarm system on every door in the house and then leaving the back door wide open. If you aren’t going to lock everything down it’s almost not worth bothering.

3. If you aren’t already convinced, authenticate! As George Bilbrey wrote last month, authentication is crucial to making email better and safer for all. It’s not a panacea for deliverability, but it is still a very important part of keeping your email infrastructure in good working order. If you need help with current authentication standards, check out our step-by-step guide.

minute read

Popular stories

Products

BriteVerify

BriteVerify email verification ensures that an email address actually exists in real-time

DemandTools

The #1 global data quality tool used by thousands of Salesforce admins

Everest

Insights and deliverability guidance from the only all-in-one email marketing solution

GridBuddy Cloud

Transform how you interact with your data through the versatility of grids.

Return Path

World-class deliverability applications to optimize email marketing programs

Trust Assessments

A revolutionary new solution for assessing Salesforce data quality

Solutions

Validity for Email

Increase inbox placement and maximize subscriber reach with clean and actionable data

Validity for Data Management

Simplify data management with solutions that improve data quality and increase CRM adoption

Validity for Sales Productivity

Give your sales team back hours per day with tools designed to increase productivity and mitigate pipeline risks in real-time