Questions tagged [dkim]
DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect email spoofing by allowing the receiving party to verify with the sending party that the email actually originates from their domain.
79 questions
1 vote
1 answer
92 views
Entered a DKIM selector in DNS record that doesn't exit in Exchange 365 email. Will this cause problems?
My MSP supports a sub company where the parent company is supported by a different MSP. We've been working with them to increase security, so we wanted to implement DKIM for email. We have access to ...
- 11
3 votes
2 answers
601 views
What use is SPF for email security in a cloud / SAAS world
I've just set up sending emails from my domain with Google workspace, and have just learned about SPF, DKIM, and DMARC. I'm wondering, what use is SPF in the modern internet. Probably half the ...
- 41
1 vote
1 answer
155 views
Using "send as" feature with gmail from custom domain not hosted by Google fails SPF and DKIM
I have my personal email address set as a "send as" option on gmail. Let's call it [email protected]. I don't use Google for any services relating to mydomain.com, so I don't have an admin ...
2 votes
1 answer
862 views
How to Fix DKIM Alignment Issues with AWS SES in Lambda Emails to Prevent Spam Filtering?
I am using AWS SES to send emails from a Lambda function with a FROM address of [email protected]. I have configured the following: Domain Identity: example.com DKIM Signatures: Using RSA 2048-...
- 21
1 vote
1 answer
886 views
Can I use multiple email providers with my website's DKIM, DMARC and SPF?
I'm a software developer, with limited Mail server setup experience, running a little side SAAS on the side where I send emails to my customers. My domain has SPF, DMARC and DKIM setup and I use ...
- 113
1 vote
2 answers
171 views
DKIM Authorization Question
I've read a good bit about DMARC, DKIM, and SPF but now that I'm getting results come in, there are some things I'm seeing that I don't understand. I keep seeing passing DKIM results from outside ...
- 121
3 votes
1 answer
277 views
How to know whether e-mail was spoofed?
I am having a hard time understanding the different methods of e-mail verification. I know about DKIM, SPF and DMARC. If I would like to know whether an e-mail I received actually came from the e-...
- 31
1 vote
0 answers
325 views
Is my DMARC report saying legitmate emails are failing or illegitimate emails are passing? [closed]
I am learning how to improve email deliverability. Along the way, I'm learning about DMARC reports, SPF and DKIM. I have a friend with a small business who said I can practice with this email ...
- 317
6 votes
1 answer
3k views
Spoofed email sent to me from my email address with SPF/DKIM/DMARC passing
I received an email earlier today on my work email address. The email came from the same address—mine—but I didn't send it. It was an email claiming that he was a professional hacker who had hacked my ...
- 161
1 vote
1 answer
2k views
Still able to spoof emails with strict DMARC, SPF and DKIM enabled
Despite setting up strict DMARC, SPF, and having DKIM enabled, I am still easily able to spoof the "From" address. I can easily do this with PHPMailer on my Mac and even with some free 3rd ...
- 111
0 votes
1 answer
341 views
Spoofed forwarded email? Help with analyzing of DMARC report
Why did this email get forwarded successfully? An XML report is below: I simply cannot understand the delivery status, a transcript follows: This email has been automatically forwarded. Despite the ...
- 1,747
0 votes
1 answer
435 views
SPF problems using my ISP's SMTP out-bound server
The spf record for my domain is: v=spf1 a:smtp.(my-isp).com ip4:(my-static-IP) -all I have recently added smtp.(my-isp).com to the spf record. I have sent some test emails to gmail where the outgoing ...
1 vote
0 answers
242 views
DKIM on Google Workspace not setup yet DKIM check PASSES?
I have a domain that's using Google Workspace that doesn't have DKIM authentication enabled. Even though DKIM isn't set up, emails sent from that domain arrive in other inboxes and pass the DKIM check....
- 11
2 votes
1 answer
973 views
How many times need e-mail headers be signed with DKIM to mitigate DKIM header injection attacks?
Many people have written about DKIM header injection attacks. [1] The suggestion to mitigate it is to oversign headers and to rotate any DKIM keys that were previously used to sign e-mails where not ...
- 794
0 votes
1 answer
2k views
DKIM from another domain, how does it work?
I've recently started configuringn and using DMARC reports and I have the following question. How can the DKIM domain not be my domain (and pass)? I have the following report <record> <row&...
- 103