The 1024-bit DKIM public key for the yahoo.com domain is stored in the TXT field of the “s1024._domainkey.yahoo.com” entry: “k=rsa; t=y; p=MIGADCBiQKBgQD(…)B; n=A 1024 bit key;” This key is used to verify the authenticity of the signature in the e-mail (generated using the private key installed on the sending server). Example of a signature present in an email: “DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:Date:From:Subject:To:Message-ID; b=cuXRK(…)vazo=;”. This ensures that the mail comes from the advertised sending server and that the sending domain is not spoofed.
A correctly signed e-mail from a server using DKIM technology is unlikely to be spam. This gives a positive indication of the type of e-mail received. However, it is not impossible for spammers to use this technology to spread their spam. To complement this standard, mail servers will add DMARC and SPF signatures to messages sent.
– SPF: indicates which servers and domains are authorized to send messages on behalf of an organization.
– DMARC: checks the consistency of other SPF and DKIM indicators. DMARC verifies the correspondence between the sender’s domain and its official mail server. This ensures that there are no attempts at identity theft, phishing or spoofing. This standard makes signing emails from reliable.
How do I use DKIM?
DKIM works with two keys: the public key of the DNS record and the private key of the mail server. When firstname.lastname@example.org sends e-mails, its mail server generates a DKIM signature header with the private key.
When the recipient’s mail server receives an e-mail, it checks the DKIM record using the public key of the DNS record for the toto.com domain. If the public key and DKIM signature information match, the e-mail is considered legitimate. If not, it’s considered spam, as there’s a risk that the e-mail may have been modified.
How do I configure DKIM?
DKIM is configured with a TXT entry in the DNS zone consisting of “selecteur._domainkey.domain.tld”. You can generate your DKIM key at https://nstools.fr/tools/dkim_generator . In the case of Altospam, we invite you to go to your administration interface, “MailOut” section, “SPF/DKIM” to copy and paste the relevant information into your DNS zones. Once the information has been updated in your DNS, you can activate the automatic DKIM signature, simply by checking the corresponding box: “Activate DKIM signature”.