triphen asked on

DKIM....should you use it?

Hello Experts,

If DKIM is such a good thing to implement, why don't microsoft.com, google.com, or yahoo.com implement it?

I see they all have SPF and DMARC, but not DKIM.

Thank you
* email protection
* Email Servers
* SPF Records

Last Comment
David Favor

8/22/2022 - Mon
Dr. Klahn

The main reason that DKIM is not generally used is this: If it were mandated and strictly implemented by these big players, it would result in denial of otherwise valid email emanating from improperly configured sites. If Yahoo, Gmail or Microsoft did this, then their user base would go to some other email service provider.

There are just too many little "mom-and-pop" sites out there with email configured just barely well enough to send outgoing messages.

The flip side of this is that if the big players mandated and required DKIM, it would become a worldwide standard right quick.  But the up-front cost in lost email and lost customers would be very, very high and a customer who leaves in anger is unlikely to return.

As time goes on this may change, but at this time (a) spam filtering is about good enough to handle most suspicious messages and (b) the price paid for requiring valid DKIM on all messages would be too high.

Understand, but if my DKIM is properly configured in DNS and all my outgoing mail is signed with the private key, what can possibly be misconfigured on the receiving side?

Dr. Klahn

When someone "cookbooks" a configuration from a not-necessarily-excellent example without understanding it, any software product can be misconfigured.  And this is how many small sites are configured - by people who have never done this, will never do it again, and are cookbooking from an example.

Yes, I understand what you are saying about the cookbooks and how no one knows what they are doing...

I am sure Microsoft, Google, and Yahoo have competent people to set up a DNS record and enable DKIM on their email server. The question is why aren't they doing it to protect themselves? All receiving mail servers just have the burden of checking the DKIM, but that is their burden to check; they can't mess something up on their side as far as config goes, as far as I know. That's what I don't get.

Thank you.
David Favor
