Domain Keys Identified Mail
Advertisement Advertisement  

But the spam and phishing epidemics aren’t letting up – every day Gmail filters out billions of unwanted messages from our users’ inboxes – so we’ve been focused on creating helpful tools and working with the email industry to bring solutions that will help our customers. Email authentication is an important mechanism to verify senders’ identities, giving users a tool to recognize potential spam messages. In addition, many mail systems can display whether a received message is DKIM-verified, which helps spam filters verify and assess the overall reputation of the sender’s domain: messages from untrusted senders are treated more skeptically than those from good senders.

Today, we mark another notch in the spam-fighting belt: we’re making it possible for all Google Apps customers to sign their outgoing messages with DKIM, so their sent mail is less likely to get caught up in recipients’ spam filters. Google Apps is the first major email platform – including on-premises providers – to offer simple DKIM signing at no extra cost. Once again, the power of the cloud has made it possible for us to bring this feature to millions of customers quickly and affordably.

“We help the most-phished brands on the Internet manage their mail authentication programs, and the Google Apps solution is the simplest that we’ve encountered. Configuring DKIM for in-house systems requires plug-ins or additional gateway servers, making a company’s mail environment more complex and difficult to manage. As a Google Apps customer, this feature took us only a few clicks in the control panel and an update of our DNS,” said Kelly Wanser, CEO of eCert, an industry leader in providing critical protection against email fraud.

Starting today, all Google Apps administrators can enable DKIM signing in the “Advanced Tools” tab of the control panel. Log into your Google Apps account, then click the Advanced tools tab and click the Set up email authentication (DKIM) link at the bottom of the page. Then generate a new DNS record. (Note: If you’re not seeing the Set up email authentication link, you may want to try refreshing the page.)

From here it’s a little trickier to detail, since creating new DNS records varies depending on your domain host. Essentially you need to create a new DNS TXT record with google._domainkey as the TXT name and a long string that’s essentially your DKIM key as the TXT record value. You then save the new DNS record, and click the Start authentication button at Google Apps. It can take some time for your DNS records to propagate, but once they do, your Gmail account should start signing your messages. As more email providers around the world support DKIM signing, spam fighters will have an even more reliable signal to separate unwanted mail from good mail. We’re pleased to let millions more organizations use DKIM with this improvement.

Google Enterprise Blog