Google has been an early and consistent supporter of email authentication technologies, which help ensure senders are who they say they are, and in turn help to curb spam. Since we launched Gmail in 2004, we have supported email-signing standards such as DomainKeys and DomainKeys Identified Mail (DKIM) to help validate outbound mail with digital signatures. On the inbound side, to help our users identify email from verified senders, in 2008 we worked with eBay and PayPal to authenticate their mail with DKIM and block all unsigned messages purportedly from those companies destined for Gmail users.
But the spam and phishing epidemics aren’t letting up – every day Gmail filters out billions of unwanted messages from our users’ inboxes – so we’ve been focused on creating helpful tools and working with the email industry to bring solutions that will help our customers. Email authentication is an important mechanism to verify senders’ identities, giving users a tool to recognize potential spam messages. In addition, many mail systems can display whether a received message is DKIM-verified, which helps spam filters verify and assess the overall reputation of the sender’s domain: messages from untrusted senders are treated more skeptically than those from good senders.
Today, we mark another notch in the spam-fighting belt: we’re making it possible for all Google Apps customers to sign their outgoing messages with DKIM, so their sent mail is less likely to get caught up in recipients’ spam filters. Google Apps is the first major email platform – including on-premises providers – to offer simple DKIM signing at no extra cost. Once again, the power of the cloud has made it possible for us to bring this feature to millions of customers quickly and affordably.
“We help the most-phished brands on the Internet manage their mail authentication programs, and the Google Apps solution is the simplest that we've encountered. Configuring DKIM for in-house systems requires plug-ins or additional gateway servers, making a company's mail environment more complex and difficult to manage. As a Google Apps customer, this feature took us only a few clicks in the control panel and an update of our DNS,” said Kelly Wanser, CEO of eCert, an industry leader in providing critical protection against email fraud.
Starting today, all Google Apps administrators can enable DKIM signing in the “Advanced Tools” tab of the control panel. As more email providers around the world support DKIM signing, spam fighters will have an even more reliable signal to separate unwanted mail from good mail. We’re pleased to let millions more organizations use DKIM with this improvement.

29 comments:
Thanks Gmail Team.
Adam, does this take a bit of time to percolate out to all Google Apps domains? I don't see the new configuration options in my dashboard...
Amazing! Thank you one more time Google! :)
Does gmail go out with DKIM enabled already, or do I need to do something?
Would implementing this affect users who have multiple identities spanning several domains?
Example:
foo.com is a domain outside of my control, but I have an account there (somebody@foo.com), which I forward to myself@bar.com
bar.com is a google apps mail domain. I am considering enabling DKIM there.
I have gmail set up there to respond as myself@bar.com for any mail sent to that address. This lets me have one seamless inbox that replies as the "right person" depending on the original recipient of the thread.
Would DKIM on bar.com interfere with messages sent as user@foo.com?
If we enable this service, how will it affect e-mail that we send through third party systems such as Salesforce.com?
This is an excellent feature and nicely implemented. You generate a nice long 1024-bit key, relaxed/relaxed signing, the d= matches the From: domain, I can specify my own selector, just about everything is right.
However...
It's rather unusual among DKIM signing entities that you include the Received: headers and the DomainKey-Signature: header in the DKIM-Signature. Signing the Received: headers works fine when the mail transits directly from Google's sending servers to the recipient's server, but it will break when the message is forwarded - the same very common circumstances under which SPF fails. Please remove the Received: headers from the DKIM signature, so the signature will survive forwarding.
Thanks again for this excellent feature!
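An added example, not part of the comment above and not Google's code: a small audit of a DKIM-Signature header for the properties that comment lists (relaxed/relaxed canonicalization, d= matching the From: domain, and which header fields appear in h=). The sample header, the `REVIEW` list and the subdomain alignment rule are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# Assumption: header fields worth flagging when they appear in h=.
REVIEW = {
    "received": "prepended by every relay and forwarder",
    "return-path": "may be rewritten or removed in transit",
    "domainkey-signature": "legacy signature header, rarely signed",
}

def parse_tags(value):
    """Unfold a DKIM-Signature value and split it into tag=value pairs."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)
    tags = {}
    for part in unfolded.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)  # base64 values may contain '='
            tags[name.strip()] = val.strip()
    return tags

def audit(dkim_value, from_header):
    """Return a list of findings for one DKIM-Signature header value."""
    tags = parse_tags(dkim_value)
    findings = []
    canon = tags.get("c", "simple/simple")  # RFC default when c= is absent
    if "/" not in canon:
        canon += "/simple"                  # body defaults to simple
    if canon != "relaxed/relaxed":
        findings.append(f"canonicalization:{canon}")
    signed = [h.strip().lower() for h in tags.get("h", "").split(":")]
    if "from" not in signed:
        findings.append("from-not-signed")
    d = tags.get("d", "").lower()
    from_domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    # Assumption: a subdomain of d= counts as aligned.
    if from_domain != d and not from_domain.endswith("." + d):
        findings.append(f"d-misaligned:{d}")
    findings += [f"signs:{h}" for h in signed if h in REVIEW]
    return findings

# Constructed sample; bh= and b= are placeholders, not real signature data.
SAMPLE = """v=1; a=rsa-sha256; c=relaxed/relaxed; d=bar.com; s=google;
    h=domainkey-signature:received:mime-version:date:from:to:subject;
    bh=PLACEHOLDER=; b=PLACEHOLDER="""

if __name__ == "__main__":
    for finding in audit(SAMPLE, "Me <myself@bar.com>"):
        print(finding, "-", REVIEW.get(finding.split(":", 1)[-1], ""))
```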
Does this work on DreamHost or free ones like cz.cc or co.cc?
Any idea when postini users that use compliance footers will be able to use DKIM? I assume the signing will need to be done on the postini side?
In bluehost, the underscore (google._domainkey) creates a problem when adding the record. Can you please fix to not have the underscore.
Hmm.. I don't think I can add a TXT record with 1&1.
Is there any other option to activate this if your hosting service doesn't allow changes or give you access to TXT records?? Thanks.
Awesome!
It looks like some servers won't allow the underscore (_) necessary in the TXT record name. For example, this doesn't work with any cPanel installation.
Amazing Information by google!! Thanks
How do I setup this feature on DreamHost.com hosting service?
I had read this post: http://lifehacker.com/5726704/enable-domainkeys-to-decrease-the-likelihood-your-email-will-be-marked-as-spam
But I don't get how to.
Where do I have to copy the generated TXT file?
In which folder?
Thanks!
When I try to set this up on my domain by clicking on the "Setup email authentication (DKIM)" link, it always fails with the error message "We are unable to process your request at this time. Please try again later. (Error #1000)".
When will standard (non-"apps") gmail support DKIM signing?
This is great news!
But what is the difference in signing that PayPal and Ebay uses from DKIM?
(Ie, how do we get the "key" on our mail and not just the "Signed" text?)
How does enforcement of this policy work on the Google Apps side? Do I need to do anything, are phishing emails automatically rejected or is there a visual indicator that the email is bogus?
You should also add the "signed" key-shaped icon to all DKIM auth. messages listed in GMail.
thanks-
Both Google and Sendmail have had a long history with DKIM. Sendmail helped draft the first DKIM standards as well as launched one of the first open source DKIM implementations. Google has also been verifying eBay and PayPal incoming messages since 2008 and now says, “Google Apps is the first major email platform – including on-premises providers – to offer simple DKIM signing at no extra cost.”
While I welcome Google to the party, I have to disagree with that statement. Sendmail has included both full DKIM signature verification from all domains as well as full DKIM signing on all outbound mail in our on-premises messaging platform, the Sentrion MPE, since 2008, at no extra cost. For those who use Google Apps in a hybrid mail architecture, the Sentrion MP integrates with Google Apps to take advantage of on-premises protection for their outbound mail against compliance violations, policy, use encryption, and even DKIM signing. http://sendmail.com/sm/sentrion_appliances/sentrion_google/
I look forward to more cloud e-mail providers following Google’s lead by providing full inbound DKIM verification and outbound DKIM signing.
Greg Shapiro, VP Engineering and CTO, Sendmail, Inc.
Great Idea !
Thanks !
As one of the authors of DKIM, I'm here to say that Google has been a pioneer. Jim Fenton and I were floored when we noticed that without any announcement, fanfare or warning that all of gmail was signing with DKIM. This was back when it was practically Murray at sendmail and me who were still going back and forth with our first implementations of DKIM. And IIRC, their implementation only had a couple of problems whose fixes were pushed out in less than a week. Thanks guys, you've made a big difference.
Michael Thomas, an author of RFC 4871
Glad DKIM is here for Google Apps - if we can get everyone onto the bandwagon we'll finally end anonymous spam.
But PLEASE can we have it for Appengine too? I've set up DKIM for my Google Apps domain, but my Appengine messages are still unsigned.
After signing up for this for my domain gmail is reporting unusual imap activity on my account from the USA. I am located in Iceland.
Are the two related?
regards
Anyone with a .co.cc domain was able to set it up?
It seems the DNS setup doesn't work with a hostname that contains the '_' char
thanks
It always shows "Status:Authenticating email" for 2 weeks. T_T
good