DKIM and DMARC support are here!

Posted on March 26, 2019 by Scott

DKIM (DomainKeys Identified Mail) is an email standard for making sure emails aren’t tampered with between their origin and your inbox, and verifying that they’re actually from who they say they’re from.

It’s a different and often overlapping mechanism than SPF (Sender Protection Framework), which Purelymail has always used. Both allow verifying senders, but DKIM works for detecting the authenticity of forwarded emails too.

DMARC (Domain-based Message Authentication, Reporting and Conformance) is a mechanism to reduce ambiguity in how receivers should apply SPF and/or DKIM to their domain, and for reporting fraudulent or misconfigured messages.

We’re now testing DKIM and DMARC support. This applies to all Purelymail domains, and can be added for custom domains too.

If you’re using a custom domain, be sure to check the custom domain page for instructions on how to add DKIM and DMARC records. These aren’t required, but they will help improve email deliverability.

Right now our DMARC policy is configured not to take action on emails that don’t pass checks. We’ll keep it that way for a few weeks while making sure all of our systems are working properly, and then move to a strict reject policy for messages that don’t match.

Our implementation handles key rotation for you. Key rotation just means we swap out the cryptographic keys used to sign messages on a regular basis, so that if they’re compromised there’s only a limited window to forge messages with them.