Here’s how to setup DKIM and Domain Keys. First of all, download the DKeyEvent tool and install it.
Send an empty email to [email protected]
Now, the response will be a full detailed report with all kinds of technical information. Here I will just show the summary:
========================================================== Summary of Results ========================================================== SPF check: neutral DomainKeys check: neutral DKIM check: neutral Sender-ID check: neutral SpamAssassin check: ham
We now need to get our mail server setup to pass all of the 4 checks.
SPF Check and Sender-ID check.
You can read more about Sender Policy Framework here. To add the SPF validation is a simple case of adding a TXT record to your DNS setup. I use www.EveryDNS.com and my basic setup looked like this:
To pass the SPF and Sender-ID check you simply need to add a TXT record with content of : v=spf1 a ~all like so:
========================================================== Summary of Results ========================================================== SPF check: pass DomainKeys check: neutral DKIM check: neutral Sender-ID check: pass SpamAssassin check: ham
Setting up the DKIM records
Start the DKeyEvent program on your mail server and enter you domain/login info in the DKeyEvent SM tab.
Switch to the DKIM section and enter a new domain and a selector name by clicking on the little plus sign at the bottom right corner.
Click Save Settings. Switch to the Domain tab, and select your domain and selector. Click on Generate.
Select all the text in the bottom hand textbox and copy it to the clipboard.
Repeat the steps by doing the same in the DomainKeys
Click Save Settings.
The key should be the same as in the DKIM section.
Now go to your DNS management and add a new A record for the domain key.
Add a new TXT record with the same name as your selector as the prefix, plus your domain key record name and paste in your key from the DKeyEvent program as the value.
Restart your SmarterMail service
Now wait for your DNS changes to be propagated, and send a new test email.
Enjoy the result:
========================================================== Summary of Results ========================================================== SPF check: pass DomainKeys check: pass DKIM check: pass Sender-ID check: pass SpamAssassin check: ham
Hi Magnus,
great helpful article, many thanks for posting. Just one question though. you have selected the setting to verify authenticity of incoming messages… IS this not a bit dangerous ?(I am referring to Backscatterer.org), Whats your take on that setting ?
regards
Patrick
@Patrick, thanks for your comment.
Well, just after I wrote this post back in 2009, I made a decision to never bother about these kind of things again. For me, running a small ISV (and this blog), I realized that; what the heck am I doing here? Setting up my own email server, struggling with all these mail server pre-requisites, DKIM, yada yada. So I stopped all this stuff and moved all of my email handling to Googles Apps and haven’t looked back. For me, life is too short to be bother about these infrastructure mechanisms, I let people who know these things do it for me from now on.
With this in mind, I haven’t looked at Backscatter problems, and have very little interest to do so as well.
Hope you can find a more insightful answer from somebody who are into that area.
/M
Heh Heh … nice one… just took a look at the gmail apps myself today and totally agree with you…let other people worry about all that crap 🙂
Thanks anyway.. regards . Patrick
Thanks For the Awesome article, however, I am using mailenable as a server and when I try to add a domain name and selector in the dkim MTA tab, it says “An error seems to occured while trying to generate keys.”