DKIM - re: emails.

  • Started
  • Last post
  • 4 Responses
  • detritus

    I'm going to be blunt - I have fuck all idea what this is.

    Here's a link: http://www.dkim.org/

    I still have no idea.

    If, however, you are like me and host your own email - ACTIVATE THIS CUNT NOW.

    Despite keeping an eye on IP blacklists to make sure i'm not on them (it happens sometimes, especially if you're on a shared server - check here: https://mxtoolbox.com/blacklists… ) I realised recently that my emails weren't getting through to GMail.

    Google would much prefer you use their email rather than your own, so will deploy any technology or excuse to make your independent/non-GMail emails fail to get to their destination.

    I discovered this to my cost last week, and have now had proof positive that this was the cause of the problem, as a client shook his head dazed because 4 emails I'd sent prior to getting quite irate about something hadn't landed in his inbox.

    Fuck Google.

  • detritus0

    What really annoys me about GMail is that someone can send you an email from it, then you reply and .. oh no! it throws its hands in the air and doesn't know wtf to do with the response that was clearly requested by the user.

    It's like Google 'forgetting' what location you use its services from every n days. WHY? We know you track the fuck out of everything, so why pretend to forget that I've been accessing my Google account from the exact-same locations for two years? What IS the advantage to getting 2-factor authorisation via my mobile? What DO you gain from that interaction? I'm sure it must be something - you're not stupid, Google.

    • been using it for years and never had an issue like this. it's your shared email server environment that google doesn't like.fadein11
    • move your shit to a dedicated server not shared with spammers.fadein11
    • You miss the point. It's not the shared server, no ip blacklisting.detritus
    • The point is that Google is smart in some regards, coincidentally stupid in others, particularly where it's to their benefit.detritus
    • And your average gmail user can be completely unaware that their communication is being messed with.detritus
    • I have spam warnings in my inbound email, but it's apparently a lot smarter and doesn't delete client mails.detritus
    • Again, I'm surprised by how compliant some people are where Uncle Google's concerneddetritus
  • sted2


    DKIM (DomainKeys Identified Mail) is a method used to associate a domain name identity with an outgoing message and to validate a domain name identity associated with an incoming message through cryptographic authentication.
    SPF (Sender Policy Framework) is a method used to prevent sender address forgery, i.e. using fake sender addresses. It allows mail server to check that incoming mail from a domain comes from a host authorized by that domain’s administrator. In addition, Plesk uses SRS (Sender Rewriting Scheme), so that forwarded messages can pass SPF checking.
    DMARC (Domain-based Message Authentication, Reporting and Conformance) is a technology to extend the capabilities of the SPF and DKIM methods. The DMARC policy defines how the receiver should treat email messages depending on the results of DKIM and SPF checking.

    • dkim: mail spoofing
      spf: sender address forgery
      dmarc: header from spoofing
      sted
    • Oh shit, so I need to set up SPF too? I thought DKIM trumped SPF. Fuck.
      DMARC too??
      detritus
    • it's fucking complicated but yes. but no worries there are lot of tools online to verify and adjust these details.sted
    • Thanks, man - spf and Dmarc enabled. Well, I think anyway - if my client's go quiet again I'll know if borked something...detritus
    • +1 Sted, Great Stuff!detritus
    • lol crap i forgot to link the stuff i used:
      http://dkimcore.org/…
      but remember if you got cpanel or plesk on the server they can generate these records
      sted
    • using the proper domain ssl key.sted
    • I set up using cPanel - I'm hoping its done all the legwork for me. Do I need to DO anything with the 'Current raw SPF record'? eg. in the mail client?detritus
    • you are getting bogged down in stuff which isn't the issue. As if gmail would be used if it casually blocked incoming email. come on.fadein11
    • you email is hosted on a shared server and gmail is blocking you or one of the other fuckers on that server to prevent spam.fadein11
    • google have issues but this is just paranoid. blame your web/email host not google.fadein11
    • most of gmail traffic are emails sent/received from "self hosted" email, not @gmail.comfadein11
    • he checks the server on mxtoolbox and the ip isn't blacklisted...sted
    • @detritus nope. and check this:

      https://www.namechea…
      sted
    • show me some stats which proves gmail consistently blocks email from "I host my own email" AKA shared server with a website package email I willfadein11
    • eat my own hat.fadein11
    • "Google would much prefer you use their email rather than your own, so will deploy any technology or excuse to make your independent/non-GMai... emails fail"fadein11
    • nonsense, sorry but it is. most of gmails traffic is exactly that lolfadein11
    • i think you got this wrong.sted
  • noneck0

    Email is not a host-it-yourself service. There are plenty of options for you and your clients if you don't like gmail. Rackspace mail and Namecheap are two affordable services that come to mind immediately.

    • What do you mean — I've hosted my own email for nearly two decades?detritus
    • By which I mean it's not sat on my desktop here, running from a personal server, but as as part of the server space I rent.detritus
    • yeah, you get a website for your portfolio and you usually have an associated email with the url.shapesalad
    • lol why now? just hire a proper sysadmin.sted
    • for example i don't keep my corporate or sensitive emails on gmail.sted
    • Sounds like hosting your own email is working well for you. Keep up the great work.noneck
    • Not sure what called for that.
      What an prick you are.
      Keep up the great work!
      detritus
    • Email's back to working as it was two weeks ago and fine now that I instituted the things I started this thread for, as advice for others in my situation.detritus
    • Not my fault you haven't got a fucking clue what you're on about.
      Keep up the great work!
      detritus
    • It seems like you're having a rough day. I hope things get better for you.noneck
    • No — busy, not rough, Actually somewhat successful overall!

      For once.
      detritus
  • sted0

    @fade

    I learned about this stuff when we had a client few years ago and they sent out a lot of customer emails to outlook/microsoft addresses. And after some time none of those emails arrived because the severs ip was blacklisted. We tried everything and after some digging it turned out that there are some standards like DKIM what microsoft stared to enforce in some cases. So to get out from that spam list we had to configure the server properly, and allow m$s to check the records. It was our fault because nobody cares about newly released standards until they turn mandatory.

    It isn't an idea to keep you on gmail or whatever large email system. This entire stuff is for the average users to protect them from spam/phishing/fake emails. For a professional server admin this takes 30 mins. And as you can see most of the low-budget (vps) server control panels implemented these features, but they aren't turned on by default.

    • oh god yes, I have experienced this before. but this is a separate issue to what I quoted from det (i.e. a conspiracy theory).fadein11
    • "Google would much prefer you use their email rather than your own, so will deploy any technology or excuse to make your independent/non-GMai... emails fail"fadein11
    • this really isn't the case. if it is I will eat my hat as I said below.fadein11
    • most gmail traffic is people using it as a reader of "self hosted email" whatever that means. their entire system would fail v,quickly.fadein11
    • we are discussing 2 separate issues here. I have never experienced clients using gmail not receiving my email unless my domain was blacklisted.fadein11
    • due to being hosted on a shared server.fadein11
    • Why do people conflate practical but cynical business reasoning with 'conspiracy theories'?detritus
    • For the record - I have had problems in the past (twice) with different shared servers I was on being blacklisted, so it was the first thing I checked.detritus
    • Now was the first time I'd come across DKIM, etc - I'm fairly tech-aware but this was news to me, so I figured this thread might be of use to others.detritus
    • Google's entire modus operandi is to create lock in - from AMP to free fonts to Android to .. everything. I think it's naive to not suspect their motivations...detritus
    • just v.silly to blame this issue on Google trying to make you use their services. Most of their traffic is from "self hosted" email. I know you have a beef withfadein11
    • ...but that's a million miles away from 'conspiracy theory', which is (I'm sorry) a bit of a stupid reduction.detritus
    • them as do I over some stuff, but intentional blocking of email because its not gmail is just plain daft. Sorry. I understand your pain but you are barking upfadein11
    • the wrong tree.fadein11
    • it is of use, don't be so sensitive and read your original post, it was a little over dramatic. if you show me some actual evidence of what you accused them offadein11
    • I may change my mind. But I can 99% guarantee it's down to the shared server/company you "self host" your email on.fadein11
    • Yeah, no shit it's down to my server's settings - hence the point of this fucking thread, fadein?detritus
    • have you noticed how little spam you get on a gmail address, even in the spam folder. it's tight as fuck and thats the reason you are having problems.fadein11
    • it doesn't change the fact that google is for some reason too stupid to be able to recognise a legit email response from a non-blacklisted IPdetritus
    • that it's too stupid to remember what 2½ computers and locations I access it from, so invokes 2FA at any given chance. Why? It's not stupid, so why?detritus
    • "Google would much prefer you use their email rather than your own, so will deploy any technology or excuse to make your independent/non-GMai... emails fail"fadein11
    • Given that everything it does is (obviously) utterly self-interested, do you not think there's an underlying rationale that I'm rightfully pointing at?detritus
    • yes fadein, keep bleating it back to me - no conspiracy there, just deduction from all else they do.detritus
    • possibly yes, but as I said I think you were barking up the wrong tree in this instance. But shared servers and the shit arse companies who run them are morefadein11
    • of course you don't get spam on google if their filters are overly aggressive - how often do you check your spam folder to make sure it's not got legit stuff?detritus
    • to blame imho. sorry i have pissed on two of your meltdowns this week. Adobe and now Google. But sometimes I do think it is as simple as it may seem.fadein11
    • Ok, i've just checked my GMail account - 14 spams, 2 legit, not from me. Not a huge number, but there we go.detritus
    • Sorry, I got that wrong - not 2.

      3. three out of 14.
      detritus
    • christ. i wish this was all i had to worry aboutfadein11
    • "oh but you can train it!" Sure. how many normal users know that?detritus
    • okfadein11
    • You've not pissed on anything, you've just shared opinions I don't agree with. If you're trying to 'piss' on me, perhaps try harder.detritus
    • your initial bold statement sounded a bit crazy to me. prove me wrong. i like you. i even enjoy your constant moaning because you remind me of a more negativefadein11
    • I do worry becuase it's my business, so yes, this shit's important to me. if you think that's funny, you're a cretin.detritus
    • version of me sometimes. but please, i disagree here. let's leave it there. look out for some evidence of your bold claims, prove me wrong.fadein11
    • your initial statement was driven by middle aged rage and frustration and little attachment to reality. but that's fine. you are still cool.fadein11
    • Did you see the bit where I said that 3 emails to my gmail account have been spammed? 3, all from reputable well-known sources. WHY?detritus
    • change your settings. do you not have same issues with your "self hosted" email? check the spam folder in your shared server control panel? it will likely befadein11
    • I find it weird that two of the people here most invested in conspiracy or alternate bullshit don't think to question a corporate monolith's motivations.detritus
    • worse. I had horrors one day seeing various emails that never arrived, missed opps etc. its the nature of email unfort. peeps dont like spam so its often afadein11
    • No, that's exactly the point I made yesterday, fadein - my server's spam folder just has spam in it. Crazy!detritus
    • ok. run through it again. your theory is that gmail purposely blocks your email to clients so you move to their servers?fadein11
    • who do you "self host" with?fadein11
    • my first response to this issue would be contacting my provider not blaming the recipient. but that may be just me.fadein11
    • prove me wrong here. if this is true it will be another nail in the coffin for me and google.fadein11
    • Google and I*
      before the grammar nazis kick in.
      fadein11
    • NB I am getting a bit bored though now so may pick this up in the morning.fadein11
    • No, my point is that GMail deploys controls that primarily benefit it, before its users, and in opposition to competition. It's obvious, nothing magic here.detritus
    • i struggle to find how it would purposely block email thereby making its service a joke. sorry bit of a jump for me.fadein11
    • of course they want to dominate etc. goes without saying. by moving to their service do you mean their "self hosted" option? can you send me a link please?fadein11
    • I may do because these shared server options are a 99% a load of bollocks, oh wait they don't offer the same service do they?fadein11
    • eh? what are you asking? Self-hosted GMail? I didn't suggest such a thing?detritus
    • re: 'i struggle..' - you DON'T see something odd with reply emails to GMail not getting through? Like I write to someone, and their response is spam?detritus
    • Perhaps I was a bit hyperbolic yesterday, but I stand by what I implied - Google hobbles to encourage lock-in. It's their raison d'etre.detritus
    • Perhaps it's incompetence. All those billions, all those engineers, and yet...detritus
    • Up until 1-2 weeks ago, my emails WERE getting through to Gmail ok, and then.. nup. No Blacklist, no information, just nup. Apparently it forgot.detritus
    • I'm beginning to think that perhaps GM is just shit. Now 18 spams, including another legit one. So, 4/18. *Search history* All of these are from addresses ...detritus
    • ... I've got a long list of emails from. Going years back.detritus
    • "Google hobbles to encourage lock-in" - lock in to what? @gmail addresses? this is where I am confused. most of gmails traffic is non @gmail email.fadein11
    • everyone uses it to read their own "self hosted" as you put it emails. what are you talking about. I send and receive 4 non gmail accounts via gmail.com with nofadein11
    • issues. My partner does 3. we have no issues. lock in to what? please i want to understand.fadein11
    • I also access one@domain email via Thunderbird and send to Gmail addresses a lot. Just never had this issue aside from when on a shared server with one companyfadein11
    • once... Anyway it doesn't matter does it. If what you say proves to be true I would be v.disappointed.fadein11