undefined | Better HN

0 pointsavian6y ago0 comments

Thanks for the link. I think the tool you linked specifically checks whether DKIM is set to allow Google's servers to send mail on the behalf of your domain.

These checkers for example don't find any errors with the DNS record:

https://dmarcian.com/dkim-inspector/?domain=tablix.org&selec...

https://mxtoolbox.com/SuperTool.aspx?action=dkim%3atablix.or...

One thing that this second one does find is the lack of a version number in the record. I see that the RFC [1] got updated since the last time I checked and having that is now recommended instead of optional. I'll add that. Thanks!

EDIT: after adding version record, Google's tool now shows green checkmark for DKIM as well.

In any case, it's impossible to test a DKIM setup just by looking at the DNS records. The true test is to verify the actual signature in the message. Last time I checked, the mail on the receiving end (Gmail), did have "dkim=pass" in the Authentication-Results headers.

[1]: https://tools.ietf.org/html/rfc6376#section-3.6.1

0 comments

tssva6y ago

You may also want to add a DMARC policy. A dmarc record generator can be found at https://mxtoolbox.com/DMARCRecordGenerator.aspx

j / k navigate · click thread line to collapse