Size Matters, DKIM

Email Authentication is Key

Authenticated and Approved

Over a year ago the talk of the town was 1024 bit DKIM / DomainKeys. The short story, if you’ve been hiding under a rock, is that a mathematician, after receiving a recruiting email from Google, determined that it must be either a gag or a test given the weak key length. With the idea that it was a test, he set about proving his worth to Larry and Sergey by using the hacked 512 bit key and impersonating them. Since then the world has moved on, and the acceptable minimum length for DomainKeys used in DKIM signing has been set at 1024 bit.

Are you big enough

Is your existing DomainKey selector using an appropriately sized cryptographic pair? A simple check can be performed by inputting your selector and domain in this handy tool from Enter in your details for the big reveal. If you came out on the plus side, awesome. If your key pair is no longer sufficiently sized, get to work updating it.
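The same check can be done locally. The following is an added example, not code from this post or from the tool mentioned above: it parses a DKIM key record, decodes the `p=` value and reports the RSA modulus size. The function names and the sample records are assumptions made for illustration; the samples are constructed with a modulus of the right length and are not real keys.

```python
import base64

MIN_BITS = 1024  # the minimum this post treats as acceptable

def _read(buf, pos):
    """Read one DER element header at pos; return (content_start, content_end)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def dkim_key_bits(txt):
    """RSA modulus size in bits of a DKIM key record; 0 if p= is empty (revoked)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    if tags.get("k", "rsa") != "rsa":
        raise ValueError("not an RSA key record")
    if not tags.get("p"):
        return 0
    der = base64.b64decode(tags["p"])    # SubjectPublicKeyInfo
    body, _ = _read(der, 0)              # outer SEQUENCE
    _, alg_end = _read(der, body)        # AlgorithmIdentifier, skipped
    bitstr, _ = _read(der, alg_end)      # BIT STRING holding the RSA key
    rsa, _ = _read(der, bitstr + 1)      # +1 skips the unused-bits byte
    start, end = _read(der, rsa)         # first INTEGER is the modulus
    return int.from_bytes(der[start:end], "big").bit_length()

def _tlv(tag, content):
    """DER-encode one element; used only to build the constructed samples."""
    n = len(content)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + content

def sample_record(bits):
    """Constructed TXT record: modulus has the stated size but is NOT a real key."""
    der_int = lambda v: _tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
    rsa = _tlv(0x30, der_int((1 << (bits - 1)) | 1) + der_int(65537))
    alg = _tlv(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption
    spki = _tlv(0x30, alg + _tlv(0x03, b"\x00" + rsa))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

if __name__ == "__main__":
    for size in (512, 1024, 2048):
        bits = dkim_key_bits(sample_record(size))
        print(bits, "ok" if bits >= MIN_BITS else "below minimum, rotate the selector")
```

To check a live selector, pass in the TXT value published at `<selector>._domainkey.<domain>`.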

Rolling your own

There are a number of resources out there on the internet, just a Google search away, that will walk you step by step through the process of generating, extracting, and deploying your new 1024 bit private / public key pair. The most manual of these processes is to use openssl to roll your own. Many MTA vendors and deliverability tool sites have web based tools for generating the pair. One caveat: clean up after yourself. Delete the pair from the site after you have gathered the data. Leaving your key pair out there on the open internet is just silly.

Doing what your ESP recommends

If you are using an ESP, you should have been contacted already to update the DomainKey selector in place with an appropriately sized key of at least 1024 bit. The ESP will either direct you to publish a new selector in your DomainKey record, or they may choose to have you remove the offending key outright and begin signing with 3rd party DKIM signatures.

ESP challenges

Third party signing comes with its challenges. The most significant is that you will not be able to fully utilize DMARC in protecting your domain from phishing and fraud. Third party signing results in misalignment of the DKIM signature, which fails DKIM under the DMARC standard. DMARC allows for a strict and a relaxed interpretation. Both of these interpretations of DKIM and SPF, however, are tied to the domain being used to sign or authenticate being the same as that in the From and MailFrom respectively.

Engage your ESP

If your ESP is performing third party signing after having you remove an out of date selector, engage their deliverability staff. Request that your email be signed using your domain. It’s a simple matter to deploy the public key in a new selector under your domain. It was how they got you signed with the 512 bit key in the first place 😉

Gmail’s Promotions Tab is Here! ~ Marketers Rejoice!

Priority Inbox


The arrival of Gmail’s Priority Inbox and new tabbed mailbox does not herald the coming Email Marketing Apocalypse; in fact, it is quite the contrary. Ihave sprung up promising to help manage the Inbox and help users “get stuff accomplished” in the wake of too much email. Alongside this have been the doubters crying out that email is dead and has reached the end of its usefulness, citing stats like 85% of the email sent worldwide daily is Spam. Too much bacon, spam, and email has driven users to social channels for news and communication. Gmail is reviving the communication stream of email by empowering users with pre-sorting email. This was seen previously in a plugin bought by Return Path called OtherInbox. Gmail is not killing email marketing; it’s providing marketers a place to grow. It would be a mistake for marketers to try to game the Priority Inbox, as any gains would be short lived and serve only to diminish the reputation of the sender. And don’t wait around hoping that user outcry will cause Gmail to relent and rollback (can you say Google Reader?). It is certainly too early to tell one way or the other, but I for one welcome the challenge to stand out in the Promotional tab. Check out this write up on Mailchimp’s blog about open rates in the wake of Priority Inbox.