Feature Request - DKIM and DMARC Support

As many spam filtering providers are continually upping their defenses against spam, DKIM and DMARC support is going to be an increasing need-to-have for authenticating client's email servers as non-spammers.

Rackspace is even updating their systems to support DKIM signing on outgoing email and will be implementing DMARC as well which is going to make spam filtering even more troublesome with them when our client's systems don't support either.

And Office 365 supports DKIM as well...it seems rather odd that Reflexion is lagging behind so much in bringing these features to the table.

Parents
  • For those that stumble on this request ... please read answer here: https://tickets.reflexion.net/index.php?/Knowledgebase/Article/View/27/1/

     

    Reflexion and you: DKIM
    Posted by Max McElroy on 23 October 2019 01:26 PM
    This article applies to any Enterprises that are sending mail outbound through our Smarthost

    This article will: Briefly define DKIM and describe how it interacts with Reflexion

    This article will NOT: describe how to configure DKIM

    DomainKeys Identified Mail (DKIM) is a method to ensure that mail is A) coming from where it is supposed to, and B) not manipulated or altered while in transport.  This is achieved by adding a txt record with a "public key" to the domain registry, adding a "private key" to the mail service, and encoding a hashed copy of the keys to all mail sent by the mail service.  If the message is altered in transit, the hash of the keys is changed, and if the recipient server is enforcing DKIM checks, the message will be handled according to the recipient's checks.  This can be used to prevent "man in the middle" and hijacking style attacks from being delivered through email.  When used in conjunction with SPF or DMARC, DKIM can further helps prevent spoofed or false messages from being delivered.

    However, Reflexion does not currently provide our own DKIM signing for outbound messages.  In addition, because of how DKIM is designed to work, we also cannot recommend using the Control Panel Footer if you both have DKIM, and use our smarthost for outbound mail.

    As previously described, altering a message while in transit will change the key-hash for a DKIM protected message.  When Reflexion added the Control Panel Footer to an inbound message, this will break the hash for an inbound message.  Furthermore, when a message is sent back outbound through our smarthost we will strip the footer out of a message if we detect it; which would also cause any outbound messages to then fail a DKIM check.  Our official statement for our own clients is that we do not support the use of DKIM for this reason.

    If your domain is utilizing DKIM to secure your messages, you can disable the Control Panel Footer for inbound messages.  This will allow you to send outbound through Reflexion without the key-hash being disturbed.  Alternatively, you can remove the Reflexion smarhost from your environment, but if the Control Panel Footer is active, external recipients will be able to see it.

    Currently, we do not have any plans to initiate DKIM support.  If this changes, we will notify our partners and clients, and provide in depth configuration instructions.
Reply
  • For those that stumble on this request ... please read answer here: https://tickets.reflexion.net/index.php?/Knowledgebase/Article/View/27/1/

     

    Reflexion and you: DKIM
    Posted by Max McElroy on 23 October 2019 01:26 PM
    This article applies to any Enterprises that are sending mail outbound through our Smarthost

    This article will: Briefly define DKIM and describe how it interacts with Reflexion

    This article will NOT: describe how to configure DKIM

    DomainKeys Identified Mail (DKIM) is a method to ensure that mail is A) coming from where it is supposed to, and B) not manipulated or altered while in transport.  This is achieved by adding a txt record with a "public key" to the domain registry, adding a "private key" to the mail service, and encoding a hashed copy of the keys to all mail sent by the mail service.  If the message is altered in transit, the hash of the keys is changed, and if the recipient server is enforcing DKIM checks, the message will be handled according to the recipient's checks.  This can be used to prevent "man in the middle" and hijacking style attacks from being delivered through email.  When used in conjunction with SPF or DMARC, DKIM can further helps prevent spoofed or false messages from being delivered.

    However, Reflexion does not currently provide our own DKIM signing for outbound messages.  In addition, because of how DKIM is designed to work, we also cannot recommend using the Control Panel Footer if you both have DKIM, and use our smarthost for outbound mail.

    As previously described, altering a message while in transit will change the key-hash for a DKIM protected message.  When Reflexion added the Control Panel Footer to an inbound message, this will break the hash for an inbound message.  Furthermore, when a message is sent back outbound through our smarthost we will strip the footer out of a message if we detect it; which would also cause any outbound messages to then fail a DKIM check.  Our official statement for our own clients is that we do not support the use of DKIM for this reason.

    If your domain is utilizing DKIM to secure your messages, you can disable the Control Panel Footer for inbound messages.  This will allow you to send outbound through Reflexion without the key-hash being disturbed.  Alternatively, you can remove the Reflexion smarhost from your environment, but if the Control Panel Footer is active, external recipients will be able to see it.

    Currently, we do not have any plans to initiate DKIM support.  If this changes, we will notify our partners and clients, and provide in depth configuration instructions.
Children
No Data