Double DKIM: Difference between revisions

From InboxSys document library
Jump to navigation Jump to search
No edit summary
No edit summary
Line 15: Line 15:
<strong>So, is it, and why is it, necessary to sign Double with DKIM, even if all your domains align perfectly?</strong>
<strong>So, is it, and why is it, necessary to sign Double with DKIM, even if all your domains align perfectly?</strong>


Apart from declaring which domains may be used in this message, the secondary DKIM signature ([[:Category:Reputation|ESP]] signature) is also meant as a fallback. If there is a fault on the sender's [[DNS]], the message still has a valid DKIM signature.
Apart from declaring which domains may be used in this message, the secondary DKIM signature ([[ESP]] signature) is also meant as a fallback. If there is a fault on the sender's [[DNS]], the message still has a valid DKIM signature.


Understanding the importance of Double DKIM is the first step, beyond that there is a preferred way of signing your DKIM signatures.
Understanding the importance of Double DKIM is the first step, beyond that there is a preferred way of signing your DKIM signatures.

Revision as of 23:33, 30 August 2023

Typical double DKIM warning

InboxSys rolls out Double DKIM testing feature!

If you see additional DKIM warnings in your InboxSys account, here is why.

As you may or may not know it’s best practice to align your domains when sending emails, such as your bounce domain, sender from domain, hostname, image hosting and link tracking domain, meaning that ideally all these should be on the same domain name.

Although this is best practice, this is an unrealistic point of view. In reality, often Email Service Providers require you to use their own domain for your bounce domain, for various reasons such as processing bounces and feedbackloop data. This is where double DKIM comes in.

Double DKIM is about ensuring each domain you use in your message headers are signed. This can be read about in https://tools.ietf.org/html/rfc6376.

So, is it, and why is it, necessary to sign Double with DKIM, even if all your domains align perfectly?

Apart from declaring which domains may be used in this message, the secondary DKIM signature (ESP signature) is also meant as a fallback. If there is a fault on the sender's DNS, the message still has a valid DKIM signature.

Understanding the importance of Double DKIM is the first step, beyond that there is a preferred way of signing your DKIM signatures.

  1. For multiple domains, use separate ’selectors’
  2. Use different Keys when using multiple domains
  3. The Minimum recommended length for DKIM keys is 2048 bit.

Summary

The key takeaways from this is to remember when using multiple domains, take into consideration Double DKIM. By doing this you shall be better aligned and your configuration will be looked upon favourably by some filters & ISPs, which could mean improved Deliverability rates.