Start Free Trial
Come for the solution, stay for everything else.
Start Free Trial
DKIM....should you use it?
If DKIM is such a good thing to implement, why don't microsoft.com, google.com, or yahoo.com implement it?
I see they all have SPF and DMARC, but not DKIM.
* email protection
* SPF Records
8/22/2022 - Mon
The main reason that DKIM is not generally used is this: If it was mandated and strictly implemented by these big players, it would result in denial of otherwise valid email emanating from improperly configured sites. If Yahoo, gmail or Microsoft did this then their user-base would go to some other email service provider.
There are just too many little "mom-and-pop" sites out there with email configured just barely well enough to send outgoing messages.
The flip side of this is that if the big players mandated and required DKIM, it would become a worldwide standard right quick. But the up-front cost in lost email and lost customers would be very, very high and a customer who leaves in anger is unlikely to return.
As time goes on this may change, but at this time (a) spam filtering is about good enough to handle most suspicious messages and (b) the price paid for requiring valid DKIM on all messages would be too high.
Understand, but if my DKIM is properly configured in DNS and all my outgoing mail is signed with private key, that can possible be misconfiguered on the receiving side?
When someone "cookbooks" a configuration from a not-necessarily-excellent example without understanding it,
software product can be misconfigured. And this is how many small sites are configured - by people who have never done this, will never do it again, and are cookbooking from an example.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
Yes I understand what you are saying about the cookbooks and how no one know what they are doing...
I am sure Microsoft, Google, and Yahoo have competent people to set up a DNS record and enable DKIM on their email server. The question is why aren't they doing it to protect themselves? All receiving mail server just have the burden of checking the DKIM, but that is their burden to check, they can't mess something up on their side as far as config as far as I know.....that's what I don't get,
ASKER CERTIFIED SOLUTION
Log in or sign up to see answer
Become an EE member today
7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Plans and Pricing
Certified Expert Program
© 1996-2022 Experts Exchange, LLC. All rights reserved. Covered by US Patent