Manually adding a DKIM header - email

Forgive the noob question, but up until yesterday I didn't even know what a DKIM was.
We are using Windows Server 2008 R2 and mailEnable 5.51 Standard Edition as an outgoing-only SMTP. This is only used by JMail form-to-email traffic.
I'm trying to cut down on the amount of outgoing emails being classed as spam by customers' email clients or by people like Gmail, Hotmail, AOL etc.
I was advised to consider setting up DKIM and pointed in the direction of https://www.socketlabs.com/domainkey-dkim-generation-wizard/ to generate a key.
For example, for domain : somedomain.com, selector : key1
Which gives me the following:
Name Value
_domainkey.somedomain.com t=y;o=~;
key1._domainkey.somedomain.com k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAzmaNvSCwQX+jO/9SmZyA7Eg3W269ZqIdPxV1su9vXvN5Wac1gZpEpogS9CPe5TeWtTx/yph2niB88NuDOx0wX54529XLiRxanc6gZDMsE6+p+DYqpNV2Hi4VPusWl9zlrLo5ySfSLE7sKmzqKx1JCOBJ7sWzY/i0+dc4Bfq9VwIDAQAB
This bit I'm ok with, and understand about adding the TXT records to the domain's DNS.
The problem I'm having is what to do with the private key.
I understand mailEnable does support DKIM but you have to upgrade to a newer Enterprise Edition, which we are not in the market for at the moment.
But, because I convert the forms to email myself using classic .asp (VB.Script) and construct the emails using JMail, can't I use something like:
AddHeader('key', 'value')
To manually create the private DKIM header needed to complete the system?
If so, how do I go from the data in the private key to the DKIM headers required in the email's header?
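The question above turns on what a DKIM-Signature header actually contains. The following is an added example, not code from the original post: it computes the `bh=` body hash and the exact bytes the private key signs, using RFC 6376 relaxed canonicalization. The function names and the sample message are constructed for illustration; `somedomain.com` and `key1` are the domain and selector from the question.

```python
import base64
import hashlib
import re

def canon_body_relaxed(body: bytes) -> bytes:
    """RFC 6376 'relaxed' body canonicalization."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    # Collapse runs of spaces/tabs and drop whitespace at line ends.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":      # ignore empty lines at end of body
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def canon_header_relaxed(name: str, value: str) -> str:
    """RFC 6376 'relaxed' header canonicalization (no trailing CRLF)."""
    value = re.sub(r"\r?\n(?=[ \t])", "", value)   # unfold continuation lines
    return name.strip().lower() + ":" + re.sub(r"[ \t]+", " ", value).strip()

def body_hash(body: bytes) -> str:
    """The bh= tag: base64(SHA-256(canonicalized body))."""
    digest = hashlib.sha256(canon_body_relaxed(body)).digest()
    return base64.b64encode(digest).decode()

def signing_input(headers, body, domain, selector,
                  signed=("from", "to", "subject")):
    """Return (DKIM-Signature value with empty b=, bytes the key must sign)."""
    dkim = (f"v=1; a=rsa-sha256; c=relaxed/relaxed; d={domain}; s={selector}; "
            f"h={':'.join(signed)}; bh={body_hash(body)}; b=")
    by_name = {k.lower(): v for k, v in headers}
    lines = [canon_header_relaxed(h, by_name[h]) for h in signed]
    lines.append(canon_header_relaxed("DKIM-Signature", dkim))
    return dkim, "\r\n".join(lines).encode()

# Constructed sample message (form-to-email style); not from the original post.
HEADERS = [("From", "Web Form <forms@somedomain.com>"),
           ("To", "customer@example.net"),
           ("Subject", "Your   enquiry")]
BODY = b"Thanks for getting in touch. \r\nWe will reply soon.\r\n\r\n"

if __name__ == "__main__":
    dkim, data = signing_input(HEADERS, BODY, "somedomain.com", "key1")
    print("DKIM-Signature:", dkim)
    print(data.decode())
    # b= is base64(RSA-SHA256 signature of `data`) made with the private key,
    # so it changes whenever a signed header or the body changes.
```

Because both `bh=` and `b=` depend on each message's content, the header has to be computed per message by whatever component holds the private key.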

Related

DKIM validation warning when sending e-mail from Sendgrid API

I've bought a domain and I'm hosting Cloudflare as my DNS host. I mainly use this domain for sending emails.
I use Google workspace for receiving and sending emails, but I also use the Sendgrid API to send one automatic email a day from a simple python program (using Sendgrid's python library) I keep running.
I have correctly authenticated my domain in Sendgrid and added the CNAME records to Cloudflare as Sendgrid advises. I have also configured Google correctly with my domain using their info. I've tested both configurations with their tools.
I'm now in the process of adding extra security to my emails. I've configured SPF, DMARC and DKIM using the simple instructions Google provides. Added all the records once again to my DNS provider (Cloudflare) and started to observe my daily DMARC reports.
I'm using URIports (https://app.uriports.com/) to make sense of these reports :P
Apparently, everything is ok with the mails I send from Google. But not ok with the emails sent via Sendgrid. The DMARC analysis is the following:
We have received the following report from google.com about 1 message that was received in the following timespan: 02-13 0:00 (24h). This email was received from IP address xxx.xxx.xxx.xxx with hostname something.outbound-mail.sendgrid.net supposedly from <user>@<mydomain>.
DKIM validation passed because at least one signature is valid
Signature 1 for domain <mydomain> passed. The message was signed, and the signature passed verification tests.
Signature 2 for domain sendgrid.info passed. The message was signed, and the signature passed verification tests but the DKIM signature domain sendgrid.info does not align with the Header-From domain <mydomain>.
SPF and DMARC validations are ok.
I confess I'm lost and I'm searching everywhere without success. Can anyone help me understand in what direction to go?
Can it be a problem with the python program?
Many thanks! Cheers!
Gil
To set your mind at ease, your setup is fine! Nothing to worry about.
DKIM is, among other things, a reputation tool. SendGrid is adding two signatures to your emails: one for your domain, which will help pass DMARC authentication, and one for their domain / service. This second one is optional from the DMARC perspective, but may improve Inbox delivery.
There are many services that operate in a similar fashion, adding an additional DKIM signature to outbound emails.
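The alignment rule behind the report and the answer above, as an added example that is not part of the original thread: DMARC's DKIM check passes when at least one verified signature has a `d=` domain aligned with the Header-From domain. Assumptions: `example.org` stands in for `<mydomain>`, the message and selectors are constructed, signature verification is taken as already done, and the organizational domain is approximated by the last two labels instead of the Public Suffix List.

```python
from email import message_from_string
from email.utils import parseaddr

def org_domain(domain: str) -> str:
    # Assumption: organizational domain = last two labels. Real DMARC
    # evaluators use the Public Suffix List (e.g. for example.co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dkim_tags(value: str) -> dict:
    """Parse the 'k=v; k=v' tag list of a (possibly folded) DKIM-Signature."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = "".join(val.split())
    return tags

def dmarc_dkim_check(raw: str, verified: set, strict: bool = False):
    """verified: d= domains whose signatures the receiver already verified."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    rows = []
    for sig in msg.get_all("DKIM-Signature", []):
        d = dkim_tags(sig).get("d", "").lower()
        aligned = d == from_dom if strict else org_domain(d) == org_domain(from_dom)
        rows.append((d, d in verified, aligned))
    return from_dom, rows, any(ok and al for _, ok, al in rows)

# Constructed message; selectors and bh=/b= values are placeholders.
RAW = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org;\n"
    " s=sel1; h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sendgrid.info;\n"
    " s=sel2; h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: Sender <user@example.org>\n"
    "Subject: daily report\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    from_dom, rows, ok = dmarc_dkim_check(RAW, {"example.org", "sendgrid.info"})
    for d, verified, aligned in rows:
        print(f"d={d:<14} verified={verified} aligned_with_{from_dom}={aligned}")
    print("DMARC DKIM result:", "pass" if ok else "fail")
```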

DKIM and DMARC set up on dedicated 1and1 server

I am having a little trouble figuring out this process. I can manage to get the DNS records set up for the DMARC, DKIM and SPF. I get lost with what I am trying to do with the private key for the DKIM. Currently I am using a dedicated server offered by 1and1.com. If someone can give me a quick walk through I would really appreciate it.
The website I am currently making sends out scheduled emails plus emails on behalf of users. Some of them are being blocked by Hotmail and other email providers. I understand that adding these protocols will increase the likelihood that the emails reach their intended targets. If there are any other mechanisms that can accomplish this as well, I would greatly appreciate a heads up.
I use the built-in PHP mail method to send emails (I do not want to incorporate a third party plugin to do something that PHP already does and works pretty well).
Thanks
Yes, you can set DMARC on 1and1. Set:
Type: txt
Prefix: _dmarc
Value: v=DMARC1; p=none; sp=none; rua=mailto:yourmail@hotmail.com; ruf=mailto:yourmail@hotmail.com; rf=afrf; pct=100; ri=86400;
Change the 2 emails
You can't set up DMARC or DKIM on 1&1 DNS, they don't allow underscores (_) in sub-domains in their DNS records.
Sorry for the bad news. They are the only hosting provider I know about that doesn't allow underscores (unless something changed recently).
DMARC is easy to set up; just use this DMARC Wizard.
DKIM is something that you need to set up with the email software program you're using to send mail (which you didn't tell us what you're using) - I'm guessing postfix or exim?

Sending email to hotmail accounts

I know there are lots of questions on here already about being able to send emails to hotmail. I have read through them all, as well as lots of online posts over the last few weeks and have still been unable to fix this issue.
The issue that I am having is that I am unable to send emails to customers who have a hotmail email address. I can send emails to yahoo fine, I can also send emails to gmail as well (although these seem to go to the junk folder), however, when I send emails to hotmail email addresses, they just seem to never arrive.
I am using swiftMailer in a PHP Symfony2 Application to send the emails.
The server that my application sits on is a Linux CentOS box and I have open relay turned off.
I have sent emails to 'auth-results@verifier.port25.com' to check that SPF, DKIM and Sender-Id are set up correctly. Partial output of that report is below:
==========================================================
Summary of Results
SPF check: pass
DomainKeys check: neutral
DKIM check: pass
Sender-ID check: pass
SpamAssassin check: ham
==========================================================
The DomainKeys check is neutral, I'm not sure if that is required as DKIM is an extension on the DomainKeys.
I have set up a v=spf1 record and a spf2.0/pra record in the DNS as TXT entries.
My help on this would be greatly appreciated. I think the issue may be to do with Sender-ID, but I don't know too much about this subject area.
Check your mail server logs. Are you seeing something like this for delivery to your Hotmail recipients:
550 SC-001 (COL004-MC4F43) Unfortunately, messages from xxx.xxx.xxx.xx weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors.
If so, then it means that your mail server IP is on Microsoft's blacklist. You probably won't have much luck sending to users at live.com, outlook.com, or msn.com either. Fortunately, there is a solution. See the link below for a decent guide on how to resolve the problem:
https://www.rackaid.com/blog/hotmail-blacklist-removal/.
The key is to submit a request to Microsoft to remove your IP address from their blacklist (at https://support.live.com/eform.aspx?productKey=edfsmsbl3&ct=eformts&wa=wsignin1.0&scrx=1), but don't do that until you are sure that whatever caused you to become blacklisted has been resolved, as Microsoft doesn't like repeat offenders.

How to send email (in this case external smtp server 'turbo smtp') that doesn't end up in spam on hotmail

We are involved in the project which is designed to gather UK hotels details that our client needs to create a paper guide with most popular and top rated places in the country.
At the beginning of each year we automatically send emails out to hotel owners in order to ask them to update their hotel details.
Unfortunately, the client reported that some of the hotels never received any of the emails or that the email ended up in spam, especially in Hotmail mailboxes.
Is there any known approach which could help us to overcome that situation?
One of the solutions we tried was to resign from the local SMTP server and purchase an external SMTP server on turboSMTP, but without effect.
How would you advise us to deal with that problem or what have you advised to other companies in the past? Surely there must be a way to resolve that problem completely and we would appreciate your prompt help with that.
Sending an email to multiple recipients within the same company may sometimes have that effect. That company’s email firewall often assumes it’s a spam attack.
There are a lot of factors that come into this. Thankfully, by going for an external SMTP relay, you can offload most of the issues to them.
What you can do, is make sure your domain and emails are configured to increase their validity. Two really key things for this:
SPF records
DKIM signing
SPF
SPF is basically a whitelist of IPs that can send email for your domain. SPF records are added to your DNS server. There are plenty of SPF generators online that can help (like this one). Your SMTP provider will also need to be included in your SPF record.
DKIM
DKIM digitally signs your email to verify that it's been sent by an authorised sender. Your SMTP provider will have info on how to set that up (turboSMTP docs).
If you want to explore more, I recommend Jeff Atwood's (co-founder of SO) article on how horrible email is: http://blog.codinghorror.com/so-youd-like-to-send-some-email-through-code/

Gmail thinks our email is NOT from the FROM domain and puts it in Spam Folder, how to solve this?

We have a website where we allow you to reset your password (say if you forget your password). This is standard on many websites. Basically you enter your email address which you've used to register on our website, then we send you an email containing an email reset link.
This is all standard stuff. However, the problem is: Gmail somehow thinks this email we send to the user is spam, and puts it in the Spam folder.
The specific message Gmail shows is:
Be careful with this message. Our systems couldn't verify that this message
was really sent by xyz.com. You might want to avoid clicking links or replying
with personal information.
Let me explain how we send the email. We use the company sendgrid.com to deliver
the emails. xyz.com is a domain we control. (xyz is a pseudo-name here.)
The email's from address is: do-not-reply@xyz.com
We have changed xyz.com's SPF record to include "sendgrid.com" (and "sendgrid.net" "sendgrid.me").
There's no website associated with xyz.com, however.
My question is: what else can we do to make Gmail believe the email is from the domain xyz.com? So it doesn't put the email in the spam folder?
Thank you.
Did you end up publishing DKIM with Sendgrid? Also, I have a feeling your SPF record isn't quite right as generally there's one official entry per email provider. You mention adding several. I'd recommend looking at their docs for exactly what they recommend publishing in your SPF. Do this for any provider you use for any kind of email.
Since you mentioned Sendgrid as your ESP, here are Sendgrid's instructions. Once you've done the DNS you have to ask Sendgrid to "sign" it. Since DKIM uses cryptography you'll need them to do their side.
DKIM's less complicated than it sounds. The DNS records you have to add will take a few minutes then presumably open a ticket to Sendgrid to have them do their side.
Also, as an aside, could you post what you have for your SPF record here? I don't mean your domain but what the value is? It's not directly causing the problem but it's a key component of email authentication.
Once you've completed SPF and DKIM, it is critical you validate them both. Do a search for SPF validator and DKIM validator to find online tools.